CVE-2017-1000251
high-risk
Published 2017-09-12
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.
Do I need to act?
~
3.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.0/10
High
ADJACENT_NETWORK
/ LOW complexity
Affected Products (20)
Jetson Tk1
Jetson Tk1
Jetson Tx1
References (42)
Third Party Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4561
Third Party Advisory
http://www.debian.org/security/2017/dsa-3981
Third Party Advisory
http://www.securitytracker.com/id/1039373
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2679
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2680
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2681
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2682
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2683
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2704
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2705
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2706
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2707
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2731
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2732
Third Party Advisory
https://access.redhat.com/security/vulnerabilities/blueborne
Third Party Advisory
https://www.armis.com/blueborne
Third Party Advisory
https://www.kb.cert.org/vuls/id/240311
and 22 more references
54
/ 100
high-risk
Severity
25/34 · High
Exploitability
6/34 · Minimal
Exposure
23/34 · High