[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2017-1000251Date: (C)2017-09-14   (M)2024-03-26


The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 8.0CVSS Score : 7.7
Exploit Score: 2.1Exploit Score: 5.1
Impact Score: 5.9Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: ADJACENT_NETWORKAccess Vector: ADJACENT_NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication: SINGLE
User Interaction: NONEConfidentiality: COMPLETE
Scope: UNCHANGEDIntegrity: COMPLETE
Confidentiality: HIGHAvailability: COMPLETE
Integrity: HIGH 
Availability: HIGH 
  
Reference:
BID-100809
SECTRACK-1039373
EXPLOIT-DB-42762
DSA-3981
RHSA-2017:2679
RHSA-2017:2680
RHSA-2017:2681
RHSA-2017:2682
RHSA-2017:2683
RHSA-2017:2704
RHSA-2017:2705
RHSA-2017:2706
RHSA-2017:2707
RHSA-2017:2731
RHSA-2017:2732
VU#240311
http://nvidia.custhelp.com/app/answers/detail/a_id/4561
https://access.redhat.com/security/vulnerabilities/blueborne
https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe
https://www.armis.com/blueborne
https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne

CWE    1
CWE-787
OVAL    32
oval:org.secpod.oval:def:89044828
oval:org.secpod.oval:def:502135
oval:org.secpod.oval:def:51893
oval:org.secpod.oval:def:204554
...

© SecPod Technologies