Gustavo F. Padovan

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.39 **Description** The issue is related to the sco sock getsockopt old function in the Linux kernel, which does not properly initialize a certain structure. This allows local users to potentially obtain sensitive information from kernel stack memory via the SCO CONNINFO option. **Recommendations** For versions prior to 2.6.39, update to version 2.6.39 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.39 **Description** The issue allows local users to obtain potentially sensitive information from kernel stack memory or cause a denial of service, resulting in a system crash. This is due to the `bnep sock ioctl` function in `net/bluetooth/bnep/sock.c` not ensuring that a certain device field ends with a '0' character, which can be exploited via a BNEPCONNADD command. **Recommendations** For Linux kernel versions prior to 2.6.39, update to version 2.6.39 or later to resolve the issue. As a temporary workaround, consider restricting access to the `bnep sock ioctl` function to minimize the risk of exploitation.