CVSS3: 8 High
Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.7 High
Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:A/AC:L/Au:S/C:C/I:C/A:C

EPSS: 0.008 Low
Percentile: 81.2%

Severity: High
Date : 2017-09-13
CVE-ID : CVE-2017-1000251
Package : linux-hardened
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-395
The package linux-hardened before version 4.13.1.b-1 is vulnerable to
arbitrary code execution.
Upgrade to 4.13.1.b-1.
The problem has been fixed upstream in version 4.13.1.b.
None.
A stack buffer overflow flaw was found in the way the Bluetooth
subsystem of the Linux kernel processed pending L2CAP configuration
responses from a client. On systems with the stack protection feature
enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on
all architectures), an unauthenticated attacker able to initiate a
connection to a system via Bluetooth could use this flaw to crash the
system. Due to the nature of the stack protection feature, code
execution cannot be fully ruled out, although it is unlikely. On
systems without the stack protection feature, an unauthenticated
attacker able to initiate a connection to a system via Bluetooth could
use this flaw to remotely execute arbitrary code on the system with
ring 0 (kernel) privileges.
An unauthenticated attacker able to initiate a connection via Bluetooth
is able to crash the system or possibly execute arbitrary code.
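
A triage check for the two cases the description distinguishes, as an added example that is not part of the advisory: it compares a linux-hardened package version against the fixed 4.13.1.b-1 and reads a kernel config for CONFIG_CC_STACKPROTECTOR=y. The function names are hypothetical, and the `sort -V` fallback used when pacman's `vercmp` is missing is an approximation of pacman's version ordering.

```shell
#!/bin/sh
# Added example (not from the advisory); function names are hypothetical.
FIXED_VERSION="4.13.1.b-1"   # fixed linux-hardened version per the advisory

# version_lt A B: succeed when version A is strictly older than B.
# Prefers pacman's vercmp; the sort -V fallback is an approximation that
# holds for versions shaped like the advisory's (e.g. 4.13.1.a-1).
version_lt() {
    [ "$1" = "$2" ] && return 1
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# stack_protector_enabled FILE: succeed when the kernel config in FILE
# sets CONFIG_CC_STACKPROTECTOR=y, the option the description names.
stack_protector_enabled() {
    grep -q '^CONFIG_CC_STACKPROTECTOR=y$' "$1"
}

# assess VERSION CONFIG_FILE: print the exposure the description implies.
assess() {
    if ! version_lt "$1" "$FIXED_VERSION"; then
        echo "patched"
    elif stack_protector_enabled "$2"; then
        echo "vulnerable: crash likely, code execution not ruled out"
    else
        echo "vulnerable: remote kernel code execution"
    fi
}

# Live use on an Arch host. Assumes the running kernel exposes
# /proc/config.gz; skipped when pacman or that file is absent.
# pacman -Q reports the installed package, which is not the running
# kernel until the host has rebooted into it.
if command -v pacman >/dev/null 2>&1 && [ -r /proc/config.gz ]; then
    ver=$(pacman -Q linux-hardened 2>/dev/null | awk '{print $2}')
    cfg=$(mktemp) && zcat /proc/config.gz > "$cfg"
    [ -n "$ver" ] && assess "$ver" "$cfg"
    rm -f "$cfg"
fi
```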
https://bugs.archlinux.org/task/55602
https://git.kernel.org/linus/e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3
https://www.armis.com/blueborne/
https://security.archlinux.org/CVE-2017-1000251
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | linux-hardened | < 4.13.1.b-1 | UNKNOWN |