CVE-2017-1000251 : The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux ke

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

Published 2017-09-12 17:29:00

Updated 2023-01-19 15:53:40

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute code

Products affected by CVE-2017-1000251

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 6.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 6.2
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 6.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.2
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.2
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.5
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 6.7
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 6.5
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 6.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.2
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.13 and before (<) 4.13.2
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.2 and before (<) 4.4.88
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.5 and before (<) 4.9.50
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.19 and before (<) 4.1.45
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.10 and before (<) 4.12.13
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.3 and before (<) 3.16.49
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 2.6.32 and before (<) 3.2.94
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.17 and before (<) 3.18.71
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Nvidia » Jetson Tx1 » Version: R21
cpe:2.3:a:nvidia:jetson_tx1:r21:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Nvidia » Jetson Tx1 » Version: R24
cpe:2.3:a:nvidia:jetson_tx1:r24:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Nvidia » Jetson Tk1 » Version: R21
cpe:2.3:a:nvidia:jetson_tk1:r21:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Nvidia » Jetson Tk1 » Version: R24
cpe:2.3:a:nvidia:jetson_tk1:r24:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A

Threat overview for CVE-2017-1000251

Top countries where our scanners detected CVE-2017-1000251

Top open port discovered on systems with this issue 49152

IPs affected by CVE-2017-1000251 31,095

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2017-1000251!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2017-1000251

EPSS FAQ

4.16%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 88 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-1000251

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.7	HIGH	AV:A/AC:L/Au:S/C:C/I:C/A:C	5.1	10.0	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.0	HIGH	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.1	5.9	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-1000251

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-1000251

https://www.kb.cert.org/vuls/id/240311

VU#240311 - Multiple Bluetooth implementation vulnerabilities affect many devices
Third Party Advisory;US Government Resource

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:2706

RHSA-2017:2706 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
http://www.debian.org/security/2017/dsa-3981

Debian -- Security Information -- DSA-3981-1 linux
Third Party Advisory

CVEs referencing this url
https://www.armis.com/blueborne

BlueBorne Information from the Research Team - Armis Labs
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:2732

RHSA-2017:2732 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:2679

RHSA-2017:2679 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne

Synology Inc.
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:2705

RHSA-2017:2705 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
https://www.exploit-db.com/exploits/42762/

Linux Kernel < 4.13.1 - BlueTooth Buffer Overflow (PoC)
Exploit;Third Party Advisory;VDB Entry
https://access.redhat.com/errata/RHSA-2017:2682

RHSA-2017:2682 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
https://access.redhat.com/security/vulnerabilities/blueborne

Blueborne - Linux Kernel Remote Denial of Service in Bluetooth subsystem - CVE-2017-1000251 - Red Hat Customer Portal
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2731

RHSA-2017:2731 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
http://www.securitytracker.com/id/1039373

Linux Kernel Stack Overflow in Bluetooth Stack Lets Remote Users on the Wireless Network Execute Arbitrary Code - SecurityTracker
Third Party Advisory;VDB Entry
https://access.redhat.com/errata/RHSA-2017:2707

RHSA-2017:2707 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2680

RHSA-2017:2680 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
http://www.securityfocus.com/bid/100809

Linux Kernel Bluetooth Subsystem CVE-2017-1000251 Stack Based Buffer Overflow Vulnerability
Patch;Third Party Advisory;VDB Entry
https://access.redhat.com/errata/RHSA-2017:2683

RHSA-2017:2683 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4561

Security Bulletin: NVIDIA Tegra Jetson L4T contains multiple vulnerabilities; updates for “BlueBorne” and “Dnsmasq”. | NVIDIA
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:2681

RHSA-2017:2681 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2704

RHSA-2017:2704 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe

Bluetooth: Add configuration support for ERTM and Streaming mode · torvalds/linux@f2fcfcd · GitHub
Patch;Third Party Advisory