PT-2017-2790 · Linux+5 · Linux Kernel+5

Alon Livne

·

Publicado

2017-09-09

·

Atualizado

2025-09-29

·

CVE-2017-1000251

CVSS v3.1

8.0

Alta

VetorAV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux Kernel (BlueZ) versions 2.6.32 through 4.13.1
Description The issue is related to a stack overflow vulnerability in the processing of L2CAP configuration responses, which can result in remote code execution in kernel space. This vulnerability is associated with a buffer overflow in the L2CAP module of the BlueZ package, implementing the Bluetooth protocol stack. Exploitation of this vulnerability allows a remote attacker to control the buffer size and execute arbitrary code.
Recommendations For Linux Kernel (BlueZ) versions 2.6.32 through 4.13.1, update to a version later than 4.13.1 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.

Exploit

Correção

RCE

Buffer Overflow

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-120CWE-787

Identificadores relacionados

ALSA-2025_16880
ALT-PU-2017-2208
ALT-PU-2017-2209
BDU:2017-02053
CESA-2017_2679
CESA-2017_2681
CVE-2017-1000251
DLA-1099-1
DSA-3981-1
ELSA-2017-2679
ELSA-2017-2679-1
ELSA-2017-2681
ELSA-2017-3620
ELSA-2017-3621
ELSA-2017-3622
MGASA-2017-0342
MGASA-2017-0343
MGASA-2017-0344
MGASA-2017-0345
MGASA-2017-0346
MGASA-2017-0347
OPENSUSE-SU-2017_2494-1
OPENSUSE-SU-2017_2495-1
OPENSUSE-SU-2024:10728-1
OPENSUSE-SU-2024:13704-1
RHSA-2017:2679
RHSA-2017:2680
RHSA-2017:2681
RHSA-2017:2682
RHSA-2017:2683
RHSA-2017:2704
RHSA-2017:2705
RHSA-2017:2706
RHSA-2017:2707
RHSA-2017:2731
RHSA-2017:2732
RHSA-2017_2679
RHSA-2017_2681
RHSA-2017_2704
SUSE-SU-2017:2459-1
SUSE-SU-2017:2521-1
SUSE-SU-2017:2523-1
SUSE-SU-2017:2534-1
SUSE-SU-2017:2548-1
SUSE-SU-2017:2694-1
SUSE-SU-2017:2769-1
SUSE-SU-2017:2770-1
SUSE-SU-2017:2771-1
SUSE-SU-2017:2772-1
SUSE-SU-2017:2773-1
SUSE-SU-2017:2774-1
SUSE-SU-2017:2776-1
SUSE-SU-2017:2777-1
SUSE-SU-2017:2778-1
SUSE-SU-2017:2779-1
SUSE-SU-2017:2780-1
SUSE-SU-2017:2781-1
SUSE-SU-2017:2782-1
SUSE-SU-2017:2783-1
SUSE-SU-2017:2784-1
SUSE-SU-2017:2785-1
SUSE-SU-2017:2786-1
SUSE-SU-2017:2787-1
SUSE-SU-2017:2788-1
SUSE-SU-2017:2790-1
SUSE-SU-2017:2792-1
SUSE-SU-2017:2793-1
SUSE-SU-2017:2794-1
SUSE-SU-2017:2796-1
SUSE-SU-2017:2797-1
SUSE-SU-2017:2798-1
SUSE-SU-2017:2799-1
SUSE-SU-2017:2800-1
SUSE-SU-2017:2801-1
SUSE-SU-2017:2802-1
SUSE-SU-2017:2803-1
SUSE-SU-2017:2804-1
SUSE-SU-2017:2805-1
SUSE-SU-2017:2806-1
SUSE-SU-2017:2807-1
SUSE-SU-2017:2809-1
SUSE-SU-2017:2811-1
SUSE-SU-2017:2816-1
SUSE-SU-2017:2956-1
SUSE-SU-2017_2459-1
SUSE-SU-2017_2521-1
SUSE-SU-2017_2523-1
SUSE-SU-2017_2534-1
SUSE-SU-2017_2548-1
SUSE-SU-2017_2769-1
SUSE-SU-2017_2770-1
SUSE-SU-2017_2771-1
SUSE-SU-2017_2772-1
SUSE-SU-2017_2773-1
SUSE-SU-2017_2774-1
SUSE-SU-2017_2776-1
SUSE-SU-2017_2777-1
SUSE-SU-2017_2778-1
SUSE-SU-2017_2779-1
SUSE-SU-2017_2780-1
SUSE-SU-2017_2781-1
SUSE-SU-2017_2782-1
SUSE-SU-2017_2783-1
SUSE-SU-2017_2784-1
SUSE-SU-2017_2785-1
SUSE-SU-2017_2786-1
SUSE-SU-2017_2787-1
SUSE-SU-2017_2788-1
SUSE-SU-2017_2790-1
SUSE-SU-2017_2792-1
SUSE-SU-2017_2793-1
SUSE-SU-2017_2796-1
SUSE-SU-2017_2797-1
SUSE-SU-2018:0040-1
SUSE-SU-2018_0040-1
USN-3419-1
USN-3419-2
USN-3420-1
USN-3420-2
USN-3422-1
USN-3422-2
USN-3423-1

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu