Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
Severity: 8.0 HIGH
EPSS: 3.0% (top 13.34%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Sep 12 | Latest update May 13

Description

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at Linux kernel version 2.6.32 and up to and including 4.13.1, is vulnerable to a stack overflow in the processing of L2CAP configuration responses, resulting in remote code execution in kernel space.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.1 | Impact: 5.9

Affected Packages (15 packages)

NVD | linux/linux_kernel | 2.6.32 3.2.94 | +7
Debian | linux | < 4.12.13-1 | +3
Ubuntu | linux | < 3.13.0-132.181 | +1
Ubuntu | linux-aws | < 4.4.0-1035.44
Ubuntu | linux-gke | < 4.4.0-1031.31

Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 6.2, 6.4, 6.6, 7.2, 7.3, 7.4, 7.6, 7.7, 6.7, 7.5, 6.5

Patches

🔴 Vulnerability Details (7)

GHSA | GHSA-qhfx-x9j9-g24p: The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2 | 2022-05-13
OSV | linux-lts-xenial vulnerabilities | 2017-09-18
OSV | linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities | 2017-09-18
OSV | linux vulnerabilities | 2017-09-18
OSV | linux-hwe vulnerabilities | 2017-09-18

💥 Exploits & PoCs (1)

Exploit-DB | Linux Kernel < 4.13.1 - BlueTooth Buffer Overflow (PoC) | 2017-09-21

📋 Vendor Advisories (9)

Ubuntu | Linux kernel vulnerabilities | 2017-09-18
Ubuntu | Linux kernel vulnerabilities | 2017-09-18
Ubuntu | Linux kernel (Xenial HWE) vulnerabilities | 2017-09-18
Ubuntu | Linux kernel (HWE) vulnerabilities | 2017-09-18
Ubuntu | Linux kernel (Trusty HWE) vulnerabilities | 2017-09-18

💬 Community (3)

Bugzilla | CVE-2017-1000251 kernel: stack buffer overflow in the native Bluetooth stack [fedora-all] | 2017-09-12
Bugzilla | CVE-2017-1000251 kernel: stack buffer overflow in the native Bluetooth stack [fedora-all] | 2017-09-12
Bugzilla | CVE-2017-1000251 kernel: stack buffer overflow in the native Bluetooth stack | 2017-09-08
CVE-2017-1000251 (HIGH CVSS 8) | The native Bluetooth stack in the L | cvebase.io