CVE-2017-1000251

high
Description

The native Bluetooth stack in the Linux kernel (BlueZ), starting at Linux kernel version 2.6.32 and up to and including 4.13.1, is vulnerable to a stack overflow in the processing of L2CAP configuration responses, resulting in remote code execution in kernel space.

References

http://nvidia.custhelp.com/app/answers/detail/a_id/4561

http://www.debian.org/security/2017/dsa-3981

http://www.securityfocus.com/bid/100809

http://www.securitytracker.com/id/1039373

https://access.redhat.com/errata/RHSA-2017:2679

https://access.redhat.com/errata/RHSA-2017:2680

https://access.redhat.com/errata/RHSA-2017:2681

https://access.redhat.com/errata/RHSA-2017:2682

https://access.redhat.com/errata/RHSA-2017:2683

https://access.redhat.com/errata/RHSA-2017:2704

https://access.redhat.com/errata/RHSA-2017:2705

https://access.redhat.com/errata/RHSA-2017:2706

https://access.redhat.com/errata/RHSA-2017:2707

https://access.redhat.com/errata/RHSA-2017:2731

https://access.redhat.com/errata/RHSA-2017:2732

https://access.redhat.com/security/vulnerabilities/blueborne

https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe

https://www.armis.com/blueborne

https://www.exploit-db.com/exploits/42762/

https://www.kb.cert.org/vuls/id/240311

https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne

Details

Source: MITRE

Published: 2017-09-12

Updated: 2020-06-03

Type: CWE-787

Risk Information

CVSS v2

Base Score: 7.7

Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 5.1

Severity: HIGH

CVSS v3

Base Score: 8

Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.1

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from 2.6.32 to 4.13.1 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3

AND

OR

cpe:2.3:a:nvidia:jetson_tk1:r21:*:*:*:*:*:*:*

cpe:2.3:a:nvidia:jetson_tk1:r24:*:*:*:*:*:*:*

cpe:2.3:a:nvidia:jetson_tx1:r21:*:*:*:*:*:*:*

cpe:2.3:a:nvidia:jetson_tx1:r24:*:*:*:*:*:*:*

OR

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Tenable Plugins

View all (78 total)

ID | Name | Product | Family | Severity
127351 | NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0113) | Nessus | NewStart CGSL Local Security Checks | high
124986 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1533) | Nessus | Huawei Local Security Checks | high
124821 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1498) | Nessus | Huawei Local Security Checks | high
106469 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0015) (BlueBorne) (Meltdown) (Spectre) (Stack Clash) | Nessus | OracleVM Local Security Checks | critical
105685 | SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0040-1) (BlueBorne) (KRACK) (Meltdown) (Spectre) | Nessus | SuSE Local Security Checks | high
105248 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0174) (BlueBorne) (Dirty COW) (Stack Clash) | Nessus | OracleVM Local Security Checks | high
105247 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3659) | Nessus | Oracle Linux Local Security Checks | high
105147 | OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0173) (BlueBorne) (Stack Clash) | Nessus | OracleVM Local Security Checks | high
105145 | Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3658) | Nessus | Oracle Linux Local Security Checks | high
105144 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3657) | Nessus | Oracle Linux Local Security Checks | high
104703 | Virtuozzo 7 : readykernel-patch (VZA-2017-086) | Nessus | Virtuozzo Local Security Checks | high
104578 | EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1245) | Nessus | Huawei Local Security Checks | high
104180 | Amazon Linux AMI : kernel (ALAS-2017-914) (BlueBorne) | Nessus | Amazon Linux Local Security Checks | high
104097 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2797-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
104096 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2796-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
104095 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2793-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
104094 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2792-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
104088 | Oracle Linux 7 : kernel (ELSA-2017-2930-1) (BlueBorne) | Nessus | Oracle Linux Local Security Checks | high
104029 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2790-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
104028 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2788-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
104027 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2787-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
104026 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2786-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
104025 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2785-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
104024 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2784-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
104023 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2783-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
104022 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2782-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
104021 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2781-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
104020 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2780-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
104019 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2779-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
104018 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2778-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
104017 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2777-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
104016 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2776-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
104014 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2774-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
104013 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2773-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
104012 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2772-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
104011 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2771-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
104010 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2770-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
104009 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2769-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
103468 | Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-085) | Nessus | Virtuozzo Local Security Checks | high
103415 | SUSE SLES11 Security Update : kernel (SUSE-SU-2017:2548-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
103404 | OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0152) (BlueBorne) (Stack Clash) | Nessus | OracleVM Local Security Checks | high
103403 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0151) (BlueBorne) | Nessus | OracleVM Local Security Checks | high
103402 | Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3622) | Nessus | Oracle Linux Local Security Checks | high
103401 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3621) | Nessus | Oracle Linux Local Security Checks | high
103394 | Fedora 25 : kernel (2017-e07d7fb18e) (BlueBorne) | Nessus | Fedora Local Security Checks | high
103371 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2534-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
103365 | Debian DSA-3981-1 : linux - security update (BlueBorne) (Stack Clash) | Nessus | Debian Local Security Checks | high
103363 | Debian DLA-1099-1 : linux security update (BlueBorne) (Stack Clash) | Nessus | Debian Local Security Checks | high
103348 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3620) | Nessus | Oracle Linux Local Security Checks | high
103326 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-3422-1) (BlueBorne) | Nessus | Ubuntu Local Security Checks | high
103324 | Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3420-2) (BlueBorne) | Nessus | Ubuntu Local Security Checks | critical
103323 | Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3420-1) (BlueBorne) | Nessus | Ubuntu Local Security Checks | critical
103322 | Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3419-2) (BlueBorne) | Nessus | Ubuntu Local Security Checks | high
103321 | Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3419-1) (BlueBorne) | Nessus | Ubuntu Local Security Checks | high
103318 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2523-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
103316 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2521-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
103288 | openSUSE Security Update : the Linux Kernel (openSUSE-2017-1063) (BlueBorne) | Nessus | SuSE Local Security Checks | high
103287 | openSUSE Security Update : the Linux Kernel (openSUSE-2017-1062) (BlueBorne) | Nessus | SuSE Local Security Checks | high
103264 | Fedora 26 : kernel (2017-7369ea045c) (BlueBorne) | Nessus | Fedora Local Security Checks | high
103256 | Slackware 14.1 / 14.2 / current : kernel (SSA:2017-258-02) (BlueBorne) | Nessus | Slackware Local Security Checks | high
103245 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2459-1) (BlueBorne) | Nessus | SuSE Local Security Checks | high
103243 | RHEL 6 : kernel (RHSA-2017:2732) (BlueBorne) | Nessus | Red Hat Local Security Checks | critical
103242 | RHEL 6 : kernel (RHSA-2017:2731) (BlueBorne) | Nessus | Red Hat Local Security Checks | high
103239 | RHEL 6 : MRG (RHSA-2017:2705) (BlueBorne) | Nessus | Red Hat Local Security Checks | high
103208 | RHEL 6 : kernel (RHSA-2017:2707) (BlueBorne) | Nessus | Red Hat Local Security Checks | high
103207 | RHEL 7 : kernel (RHSA-2017:2706) (BlueBorne) | Nessus | Red Hat Local Security Checks | high
103206 | RHEL 7 : kernel-rt (RHSA-2017:2704) (BlueBorne) | Nessus | Red Hat Local Security Checks | high
103196 | CentOS 7 : kernel (CESA-2017:2679) (BlueBorne) | Nessus | CentOS Local Security Checks | high
103175 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20170912) (BlueBorne) | Nessus | Scientific Linux Local Security Checks | high
103174 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20170912) (BlueBorne) | Nessus | Scientific Linux Local Security Checks | high
103171 | RHEL 6 : kernel (RHSA-2017:2683) (BlueBorne) | Nessus | Red Hat Local Security Checks | high
103170 | RHEL 6 : kernel (RHSA-2017:2682) (BlueBorne) | Nessus | Red Hat Local Security Checks | high
103169 | RHEL 6 : kernel (RHSA-2017:2681) (BlueBorne) | Nessus | Red Hat Local Security Checks | high
103168 | RHEL 7 : kernel (RHSA-2017:2680) (BlueBorne) | Nessus | Red Hat Local Security Checks | high
103167 | RHEL 7 : kernel (RHSA-2017:2679) (BlueBorne) | Nessus | Red Hat Local Security Checks | high
103165 | Oracle Linux 6 : kernel (ELSA-2017-2681) | Nessus | Oracle Linux Local Security Checks | high
103164 | Oracle Linux 7 : kernel (ELSA-2017-2679) | Nessus | Oracle Linux Local Security Checks | high
103144 | CentOS 6 : kernel (CESA-2017:2681) (BlueBorne) | Nessus | CentOS Local Security Checks | high