Vulnerability Details : CVE-2017-1000251

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

Vulnerability category: Memory CorruptionExecute code

Published 2017-09-12 17:29:00

Updated 2023-01-19 15:53:40

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2017-1000251

Probability of exploitation activity in the next 30 days: 0.89%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 81 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-1000251

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.7	HIGH	AV:A/AC:L/Au:S/C:C/I:C/A:C	5.1	10.0	[email protected]
Access Vector: Adjacent Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.0	HIGH	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.1	5.9	[email protected]
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-1000251

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: [email protected] (Primary)

References for CVE-2017-1000251

https://www.kb.cert.org/vuls/id/240311

Third Party Advisory;US Government Resource

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:2706

Third Party Advisory
http://www.debian.org/security/2017/dsa-3981

Third Party Advisory

CVEs referencing this url
https://www.armis.com/blueborne

Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:2732

Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:2679

Third Party Advisory
https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne

Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:2705

Third Party Advisory
https://www.exploit-db.com/exploits/42762/

Exploit;Third Party Advisory;VDB Entry
https://access.redhat.com/errata/RHSA-2017:2682

Third Party Advisory
https://access.redhat.com/security/vulnerabilities/blueborne

Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2731

Third Party Advisory
http://www.securitytracker.com/id/1039373

Third Party Advisory;VDB Entry
https://access.redhat.com/errata/RHSA-2017:2707

Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2680

Third Party Advisory
http://www.securityfocus.com/bid/100809

Patch;Third Party Advisory;VDB Entry
https://access.redhat.com/errata/RHSA-2017:2683

Third Party Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4561

Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:2681

Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2704

Third Party Advisory
https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe

Patch;Third Party Advisory

Products affected by CVE-2017-1000251

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 6.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 6.2
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 6.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.2
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.2
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.5
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 6.7
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 6.5
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 6.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.2
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.13 and before (<) 4.13.2
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.2 and before (<) 4.4.88
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.5 and before (<) 4.9.50
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.19 and before (<) 4.1.45
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.10 and before (<) 4.12.13
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.3 and before (<) 3.16.49
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 2.6.32 and before (<) 3.2.94
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.17 and before (<) 3.18.71
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Nvidia » Jetson Tx1 » Version: R21
cpe:2.3:a:nvidia:jetson_tx1:r21:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Nvidia » Jetson Tx1 » Version: R24
cpe:2.3:a:nvidia:jetson_tx1:r24:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Nvidia » Jetson Tk1 » Version: R21
cpe:2.3:a:nvidia:jetson_tk1:r21:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Nvidia » Jetson Tk1 » Version: R24
cpe:2.3:a:nvidia:jetson_tk1:r24:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A