Home > Vulnerability Database > CVE-2017-1000251

Mend.io Vulnerability Database

CVE-2017-1000251

Good to know:

Date: September 12, 2017

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

Language: C

Severity Score

8.0

Related Resources (25)

Url: https://www.exploit-db.com/exploits/42762/

Url: https://www.armis.com/blueborne

Url: https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne

Url: https://access.redhat.com/errata/RHSA-2017:2681

Url: https://access.redhat.com/errata/RHSA-2017:2680

Url: https://access.redhat.com/errata/RHSA-2017:2683

Url: https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe

Url: https://access.redhat.com/errata/RHSA-2017:2682

Url: https://access.redhat.com/errata/RHSA-2017:2731

Url: http://nvidia.custhelp.com/app/answers/detail/a_id/4561

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2017-1000251

Url: https://access.redhat.com/security/cve/CVE-2017-1000251

Url: https://access.redhat.com/errata/RHSA-2017:2732

Url: http://www.debian.org/security/2017/dsa-3981

Url: https://access.redhat.com/errata/RHSA-2017:2679

Url: https://access.redhat.com/errata/RHSA-2017:2704

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-1000251

Url: https://access.redhat.com/errata/RHSA-2017:2706

Url: https://access.redhat.com/errata/RHSA-2017:2705

Url: http://www.securityfocus.com/bid/100809

Url: https://access.redhat.com/errata/RHSA-2017:2707

Url: https://access.redhat.com/security/vulnerabilities/blueborne

Url: https://www.kb.cert.org/vuls/id/240311

Url: http://www.securitytracker.com/id/1039373

Url: https://www.mend.io/vulnerability-database/CVE-2017-1000251

Severity Score

8.0

Weakness Type (CWE)

Buffer Errors

CWE-119

Out-of-bounds Write

CWE-787

Top Fix

Upgrade Version

Upgrade to version v4.14-rc1

Learn More

CVSS v3.1

Base Score:	8.0
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.7
Access Vector (AV):	ADJACENT
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-1000251

Good to know:

Date: September 12, 2017

Language: C

Severity Score

Related Resources (25)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?