CVE-2011-2480

Name of the Vulnerable Software and Affected Versions FreeBSD versions prior to 8.2 NetBSD (affected versions not specified)

Description The issue is related to an Information Disclosure vulnerability in the 802.11 stack. A signedness error in the IEEE80211 IOC CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to the user, potentially disclosing sensitive information.

Recommendations For FreeBSD versions prior to 8.2, update to version 8.2 or later to resolve the issue. For NetBSD, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the IEEE80211 IOC CHANINFO ioctl to minimize the risk of exploitation.