The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.
3.13.0-142.1915.4.0-1063.66+cvm2.25.4.0-1063.66+cvm3.25.4.0-1064.67+cvm1.15.4.0-1065.68+cvm2.15.4.0-1067.70+cvm1.15.4.0-1068.71+cvm1.15.4.0-1069.72+cvm1.15.4.0-1070.73+cvm1.15.4.0-1072.75+cvm1.15.4.0-1073.76+cvm1.1+16 more5.4.0-1033.355.4.0-1035.375.4.0-1036.385.4.0-1037.395.4.0-1039.415.4.0-1041.435.4.0-1042.445.4.0-1043.455.4.0-1044.465.4.0-1046.48+41 more5.4.0-1008.95.4.0-1009.105.4.0-1010.115.4.0-1011.125.4.0-1012.135.4.0-1013.145.4.0-1014.155.4.0-1015.165.4.0-1016.175.4.0-1018.19+68 more5.3.0-1007.85.3.0-1014.165.3.0-1015.175.3.0-1017.195.4.0-1004.45.4.0-1006.65.4.0-24.285.4.0-26.305.4.0-27.315.4.0-28.325.4.0-30.345.4.0-31.355.4.0-33.375.4.0-34.385.4.0-36.415.4.0-37.42+2 more5.15.0-1073.755.15.0-1032.355.13.0-1004.45.13.0-1006.6+22.04.15.13.0-1007.7+22.04.15.13.0-1010.11+22.04.15.15.0-1004.45.15.0-1005.55.15.0-1006.65.15.0-1007.75.15.0-1008.85.15.0-1011.12+13 more6.11.0-1008.8~24.04.16.11.0-1012.12~24.04.16.11.0-1013.13~24.04.16.11.0-1014.14~24.04.16.11.0-1015.15~24.04.16.11.0-1017.17~24.04.16.11.0-1018.18~24.04.1Exploitability
AV:LAC:LPR:LUI:NScope
S:UImpact
C:HI:HA:HCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H