National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2017-1000251 Detail

Current Description

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

Source:  MITRE      Last Modified:  12/05/2017      View Analysis Description

Quick Info

CVE Dictionary Entry:
CVE-2017-1000251
Original release date:
09/12/2017
Last revised:
02/16/2018
Source:
US-CERT/NIST

Impact

CVSS Severity (version 3.0):
CVSS v3 Base Score:
8.8 High
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (legend)
Impact Score:
5.9
Exploitability Score:
2.8
CVSS Version 3 Metrics:
Attack Vector (AV):
Adjacent
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High
CVSS Severity (version 2.0):
CVSS v2 Base Score:
8.3 HIGH
Vector:
(AV:A/AC:L/Au:N/C:C/I:C/A:C) (legend)
Impact Subscore:
10.0
Exploitability Subscore:
6.5
CVSS Version 2 Metrics:
Access Vector:
Local network exploitable
Access Complexity:
Low
Authentication:
Not required to exploit
Impact Type:
Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://nvidia.custhelp.com/app/answers/detail/a_id/4561 Third Party Advisory External Source CONFIRM http://nvidia.custhelp.com/app/answers/detail/a_id/4561
http://www.debian.org/security/2017/dsa-3981 Third Party Advisory External Source DEBIAN DSA-3981
http://www.securityfocus.com/bid/100809 Patch; Third Party Advisory; VDB Entry External Source BID 100809
http://www.securitytracker.com/id/1039373 Third Party Advisory; VDB Entry External Source SECTRACK 1039373
https://access.redhat.com/errata/RHSA-2017:2679 Third Party Advisory External Source REDHAT RHSA-2017:2679
https://access.redhat.com/errata/RHSA-2017:2680 Third Party Advisory External Source REDHAT RHSA-2017:2680
https://access.redhat.com/errata/RHSA-2017:2681 Third Party Advisory External Source REDHAT RHSA-2017:2681
https://access.redhat.com/errata/RHSA-2017:2682 Third Party Advisory External Source REDHAT RHSA-2017:2682
https://access.redhat.com/errata/RHSA-2017:2683 Third Party Advisory External Source REDHAT RHSA-2017:2683
https://access.redhat.com/errata/RHSA-2017:2704 Third Party Advisory External Source REDHAT RHSA-2017:2704
https://access.redhat.com/errata/RHSA-2017:2705 Third Party Advisory External Source REDHAT RHSA-2017:2705
https://access.redhat.com/errata/RHSA-2017:2706 Third Party Advisory External Source REDHAT RHSA-2017:2706
https://access.redhat.com/errata/RHSA-2017:2707 Third Party Advisory External Source REDHAT RHSA-2017:2707
https://access.redhat.com/errata/RHSA-2017:2731 Third Party Advisory External Source REDHAT RHSA-2017:2731
https://access.redhat.com/errata/RHSA-2017:2732 Third Party Advisory External Source REDHAT RHSA-2017:2732
https://access.redhat.com/security/vulnerabilities/blueborne Third Party Advisory External Source CONFIRM https://access.redhat.com/security/vulnerabilities/blueborne
https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe Third Party Advisory External Source MISC https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe
https://www.armis.com/blueborne Third Party Advisory External Source MISC https://www.armis.com/blueborne
https://www.exploit-db.com/exploits/42762/ Exploit; Third Party Advisory; VDB Entry External Source EXPLOIT-DB 42762
https://www.kb.cert.org/vuls/id/240311 Third Party Advisory; US Government Resource External Source CERT-VN VU#240311
https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne External Source CONFIRM https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne

Technical Details

Vulnerability Type (View All)

Vulnerable software and versions Switch to CPE 2.2

Configuration 1
OR
cpe:2.3:o:linux:linux_kernel:2.6.32:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32:rc8:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.8:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.9:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.10:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.11:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.12:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.13:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.14:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.15:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.16:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.17:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.18:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.19:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.20:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.21:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.22:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.23:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.24:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.25:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.26:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.27:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.28:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.29:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.30:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.31:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.32:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.33:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.34:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.35:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.36:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.37:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.38:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.39:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.40:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.41:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.42:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.43:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.44:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.45:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.46:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.47:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.48:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.49:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.50:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.51:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.52:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.53:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.54:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.55:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.56:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.57:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32.58:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33:rc8:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33.8:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33.9:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33.10:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33.11:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33.12:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33.13:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33.14:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33.15:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33.16:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33.17:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33.18:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33.19:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.33.20:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.34:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.34:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.34:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.34:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.34:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.34:rc5:*:*:*:*:*:*
Configuration 2
Showing 100 of 1200 CPEs, view all CPEs here.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History 12 change records found - show changes