Lucene search

K
ubuntucveUbuntu.comUB:CVE-2017-1000251
HistorySep 12, 2017 - 12:00 a.m.

CVE-2017-1000251

2017-09-1200:00:00
ubuntu.com
ubuntu.com
25

8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

0.008 Low

EPSS

Percentile

81.2%

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the
Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable
to a stack overflow vulnerability in the processing of L2CAP configuration
responses resulting in Remote code execution in kernel space.

Notes

Author Note
sbeattie stack-based buffer overflow; stack-protector kernel configuration should result in this being limited to a remote denial of service. initial report claimed introduced in 0e8b207e8a44, but possible vuln code path introduced in f2fcfcd67 cloudy kernels are much lower priority, since they typically don’t have bluetooth as a threat.
OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchlinux< 3.13.0-132.181UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-96.119UNKNOWN
ubuntu17.04noarchlinux< 4.10.0-35.39UNKNOWN
ubuntu16.04noarchlinux-aws< 4.4.0-1035.44UNKNOWN
ubuntu16.04noarchlinux-azure< 4.13.0-1005.7UNKNOWN
ubuntu16.04noarchlinux-gcp< 4.10.0-1006.6UNKNOWN
ubuntu16.04noarchlinux-gke< 4.4.0-1031.31UNKNOWN
ubuntu16.04noarchlinux-hwe< 4.10.0-35.39~16.04.1UNKNOWN
ubuntu16.04noarchlinux-hwe-edge< 4.10.0-35.39~16.04.1UNKNOWN
ubuntu18.04noarchlinux-hwe-edge< 4.18.0-8.9~18.04.1UNKNOWN
Rows per page:
1-10 of 171

8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

0.008 Low

EPSS

Percentile

81.2%

Related for UB:CVE-2017-1000251