Vulnerability Details : CVE-2017-15868
The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.
Vulnerability category: Input validation
Products affected by CVE-2017-15868
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Threat overview for CVE-2017-15868
- Top open port discovered on systems with this issue: 49152
- IPs affected by CVE-2017-15868: 22,845
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2017-15868
- EPSS score: 0.10% (probability of exploitation activity in the next 30 days)
- Percentile: ~25% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2017-15868
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2017-15868
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-15868
- https://patchwork.kernel.org/patch/9882449/
  [3.18,12/50] Bluetooth: bnep: bnep_add_connection() should verify that its dealing with l2cap socket - Patchwork (Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/102084
  Linux Kernel CVE-2017-15868 Local Privilege Escalation Vulnerability (Third Party Advisory; VDB Entry)
- https://www.debian.org/security/2018/dsa-4082
  Debian -- Security Information -- DSA-4082-1 linux (Third Party Advisory)
- https://usn.ubuntu.com/3583-1/
  USN-3583-1: Linux kernel vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://github.com/torvalds/linux/commit/71bb99a02b32b4cc4265118e85f6035ca72923f0
  Bluetooth: bnep: bnep_add_connection() should verify that it's dealin… · torvalds/linux@71bb99a · GitHub (Issue Tracking)
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
  [security-announce] SUSE-SU-2018:0011-1: important: Security update for (Mailing List; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
  [SECURITY] [DLA 1200-1] linux security update (Mailing List; Third Party Advisory)
- https://source.android.com/security/bulletin/pixel/2017-12-01
  Pixel / Nexus Security Bulletin—December 2017 | Android Open Source Project (Third Party Advisory)
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71bb99a02b32b4cc4265118e85f6035ca72923f0
  kernel/git/torvalds/linux.git - Linux kernel source tree (Patch; Vendor Advisory)
- https://usn.ubuntu.com/3583-2/
  USN-3583-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security notices (Third Party Advisory)