CVE-2017-1000251

 

Published at: - 12-09-2017 07:29

Last modified: - 19-01-2023 04:53

Total changes: - 4

Description

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• https://www.armis.com/blueborne
• https://access.redhat.com/security/vulnerabilities/blueborne
• 100809-Patch, Third Party Advisory, VDB Entry
• VU#240311-Third Party Advisory, US Government Resource
• 1039373-Third Party Advisory, VDB Entry
• 42762-Exploit, Third Party Advisory, VDB Entry
• http://nvidia.custhelp.com/app/answers/detail/a_id/4561
• DSA-3981-Third Party Advisory
• https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe
• RHSA-2017:2732-Third Party Advisory
• RHSA-2017:2731-Third Party Advisory
• RHSA-2017:2707-Third Party Advisory
• RHSA-2017:2706-Third Party Advisory
• RHSA-2017:2705-Third Party Advisory
• RHSA-2017:2704-Third Party Advisory
• RHSA-2017:2683-Third Party Advisory
• RHSA-2017:2682-Third Party Advisory
• RHSA-2017:2681-Third Party Advisory
• RHSA-2017:2680-Third Party Advisory
• RHSA-2017:2679-Third Party Advisory
• https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne

 

Keywords

NVD

 

CVE-2017-1000251

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures