CVE-2017-13220 — Type Confusion in INC Android

CWE-843 — Type Confusion11 documents8 sources

Severity

7.8HIGHNVD

OSV8.8

EPSS

0.1%

top 73.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Google INC Android

Timeline

PublishedJan 12

Latest updateMay 13

Description

An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5google_inc/androidAndroid kernel

▶Debianlinux/linux_kernel< 4.0.2-1+3

▶Ubuntulinux/linux_kernel< 3.13.0-149.199

Patches

Patch: source.android.com ↗Patch: source.android.com ↗

🔴Vulnerability Details

GHSA

GHSA-gpx4-fq76-5fj9: An elevation of privilege vulnerability in the Upstream kernel bluez↗2022-05-13

▶

OSV

linux vulnerabilities↗2018-05-22

▶

CVEList

CVE-2017-13220: An elevation of privilege vulnerability in the Upstream kernel bluez↗2018-01-12

▶

OSV

CVE-2017-13220: An elevation of privilege vulnerability in the Upstream kernel bluez↗2018-01-12

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Trusty HWE) vulnerabilities↗2018-05-22

▶

Ubuntu

Linux kernel vulnerabilities↗2018-05-22

▶

Red Hat

kernel: Possible out-of-bound access in Bluetooth subsystem↗2018-01-02

▶

Debian

CVE-2017-13220: linux - An elevation of privilege vulnerability in the Upstream kernel bluez. Product: A...↗2017

▶

💬Community

Bugzilla

CVE-2017-13220 kernel: bluez: Elevation of privilege (EoP) in the Upstream Kernel [fedora-all]↗2018-01-22

▶

Bugzilla

CVE-2017-13220 kernel: Possible out-of-bound access in Bluetooth subsystem↗2018-01-18

▶