Vulnerability CVE-2017-1000251


Published: 2017-09-12

Description:
The native Bluetooth stack in the Linux kernel (BlueZ), from Linux kernel version 2.6.32 up to and including 4.13.1, is vulnerable to a stack overflow in the processing of L2CAP configuration responses, resulting in remote code execution in kernel space.

See advisories in our WLB2 database:
Topic: Linux Kernel <= 4.13.1 BlueTooth Buffer Overflow (PoC) (Med.)
Author: Marcin Kozlowski
Date: 22.09.2017

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Debian
Product: Debian linux 
Version: 9.0; 8.0;
Vendor: Linux
Product: Linux kernel 
Version:
4.9.9
4.9.8
4.9.7
4.9.6
4.9.5
4.9.44
4.9.43
4.9.42
4.9.41
4.9.40
4.9.4
4.9.39
4.9.38
4.9.37
4.9.36
4.9.35
4.9.34
4.9.33
4.9.32
4.9.31
4.9.30
4.9.3
4.9.29
4.9.28
4.9.27
4.9.26
4.9.25
4.9.24
4.9.23
4.9.22
4.9.21
4.9.20
4.9.2
4.9.19
4.9.18
4.9.17
4.9.16
4.9.15
4.9.14
4.9.13
4.9.12
4.9.11
4.9.10
4.9.1
4.9
4.8.9
4.8.8
4.8.7
4.8.6
4.8.5
4.8.4
4.8.3
4.8.2
4.8.17
4.8.16
4.8.15
4.8.14
4.8.13
4.8.12
4.8.11
4.8.10
4.8.1
4.8
4.7.9
4.7.6
4.7.4
4.7.3
4.7
4.6.7
4.6.6
4.6.5
4.6.4
4.6.3
4.6.2
4.6.1
4.6
4.5.7
4.5.5
4.5.4
4.5.3
4.5.2
4.5.1
4.5.0
4.4.9
4.4.83
4.4.82
4.4.81
4.4.80
4.4.8
4.4.79
4.4.78
4.4.77
4.4.76
4.4.75
4.4.74
4.4.73
4.4.72
4.4.71
See more versions on NVD

CVSS2 => (AV:A/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 8.3/10
Impact Subscore: 10/10
Exploitability Subscore: 6.5/10
Exploit range: Adjacent network
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
http://nvidia.custhelp.com/app/answers/detail/a_id/4561
http://www.debian.org/security/2017/dsa-3981
http://www.securityfocus.com/bid/100809
http://www.securitytracker.com/id/1039373
https://access.redhat.com/errata/RHSA-2017:2679
https://access.redhat.com/errata/RHSA-2017:2680
https://access.redhat.com/errata/RHSA-2017:2681
https://access.redhat.com/errata/RHSA-2017:2682
https://access.redhat.com/errata/RHSA-2017:2683
https://access.redhat.com/errata/RHSA-2017:2704
https://access.redhat.com/errata/RHSA-2017:2705
https://access.redhat.com/errata/RHSA-2017:2706
https://access.redhat.com/errata/RHSA-2017:2707
https://access.redhat.com/errata/RHSA-2017:2731
https://access.redhat.com/errata/RHSA-2017:2732
https://access.redhat.com/security/vulnerabilities/blueborne
https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe
https://www.armis.com/blueborne
https://www.exploit-db.com/exploits/42762/
https://www.kb.cert.org/vuls/id/240311
https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne

Related CVE
CVE-2018-11508
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.
CVE-2018-11506
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes...
CVE-2018-11412
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a d...
CVE-2018-1000199
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in a crash and possibly memory corruption. This attack appears to be exploitable via local code execution and the ability to use ptra...
CVE-2018-1108
Kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.
CVE-2017-18270
In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.
CVE-2018-11232
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
CVE-2018-1087
Kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS ...

Copyright 2018, cxsecurity.com