CVE-2017-1000251 (NVD)

2017-09-12

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

Products Debian_linux, Linux_kernel, Jetson_tk1, Jetson_tx1, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation
Type Out-of-bounds Write (CWE-787)
First patch https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe
Relevant file/s • ./include/net/bluetooth/l2cap.h (modified, +21, -7)
• ./net/bluetooth/l2cap.c (modified, +234, -28)
Links https://access.redhat.com/security/vulnerabilities/blueborne
https://access.redhat.com/errata/RHSA-2017:2731
http://nvidia.custhelp.com/app/answers/detail/a_id/4561
https://access.redhat.com/errata/RHSA-2017:2732
https://www.armis.com/blueborne

linux - Tree: f2fcfcd670

(? files)

Filter Settings
Files
Navigation
Patch data:

(on by default)

Patched area: