exploitDog

CVE-2017-1000251

Опубликовано: 12 сент. 2017

Источник: nvd

CVSS3: 8

CVSS2: 7.7

EPSS Низкий

Описание

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

Ссылки

http://nvidia.custhelp.com/app/answers/detail/a_id/4561
Third Party Advisory
http://www.debian.org/security/2017/dsa-3981
Third Party Advisory
http://www.securityfocus.com/bid/100809
Patch
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039373
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:2679
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2680
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2681
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2682
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2683
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2704
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2705
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2706
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2707
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2731
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2732
Third Party Advisory
https://access.redhat.com/security/vulnerabilities/blueborne
Third Party Advisory
https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe
Patch
Third Party Advisory
https://www.armis.com/blueborne
Third Party Advisory
https://www.exploit-db.com/exploits/42762/
Exploit
Third Party Advisory
VDB Entry
https://www.kb.cert.org/vuls/id/240311
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 2.6.32 (включая) до 3.2.94 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.3 (включая) до 3.16.49 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.17 (включая) до 3.18.71 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.19 (включая) до 4.1.45 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.2 (включая) до 4.4.88 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.5 (включая) до 4.9.50 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.10 (включая) до 4.12.13 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.13 (включая) до 4.13.2 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

Одно из

cpe:2.3:a:nvidia:jetson_tk1:r21:*:*:*:*:*:*:*

cpe:2.3:a:nvidia:jetson_tk1:r24:*:*:*:*:*:*:*

cpe:2.3:a:nvidia:jetson_tx1:r21:*:*:*:*:*:*:*

cpe:2.3:a:nvidia:jetson_tx1:r24:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03466

Низкий

8 High

CVSS3

7.7 High

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2017-1000251

CVSS3: 8

ubuntu

около 8 лет назад

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

CVE-2017-1000251

CVSS3: 7.5

redhat

около 8 лет назад

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

CVE-2017-1000251

CVSS3: 8

debian

около 8 лет назад

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at th ...

SUSE-SU-2017:2794-1

suse-cvrf

около 8 лет назад

Security update for Linux Kernel Live Patch 1 for SLE 12 SP3

SUSE-SU-2017:2548-1

suse-cvrf

около 8 лет назад

Security update for the Linux Kernel

EPSS

Процентиль: 87%

0.03466

Низкий

8 High

CVSS3

7.7 High

CVSS2

Дефекты

CWE-787