{"id":"CVE-2017-1000251","details":"The native Bluetooth stack in the Linux kernel (BlueZ), from kernel version 2.6.32 up to and including 4.13.1, is vulnerable to a stack overflow in the processing of L2CAP configuration responses, resulting in remote code execution in kernel space.","modified":"2026-04-16T01:41:18.740088655Z","published":"2017-09-12T17:29:00.227Z","related":["SUSE-SU-2017:2459-1","SUSE-SU-2017:2521-1","SUSE-SU-2017:2523-1","SUSE-SU-2017:2534-1","SUSE-SU-2017:2548-1","SUSE-SU-2017:2694-1","SUSE-SU-2017:2769-1","SUSE-SU-2017:2770-1","SUSE-SU-2017:2771-1","SUSE-SU-2017:2772-1","SUSE-SU-2017:2773-1","SUSE-SU-2017:2774-1","SUSE-SU-2017:2776-1","SUSE-SU-2017:2777-1","SUSE-SU-2017:2778-1","SUSE-SU-2017:2779-1","SUSE-SU-2017:2780-1","SUSE-SU-2017:2781-1","SUSE-SU-2017:2782-1","SUSE-SU-2017:2783-1","SUSE-SU-2017:2784-1","SUSE-SU-2017:2785-1","SUSE-SU-2017:2786-1","SUSE-SU-2017:2787-1","SUSE-SU-2017:2788-1","SUSE-SU-2017:2790-1","SUSE-SU-2017:2792-1","SUSE-SU-2017:2793-1","SUSE-SU-2017:2794-1","SUSE-SU-2017:2796-1","SUSE-SU-2017:2797-1","SUSE-SU-2017:2798-1","SUSE-SU-2017:2799-1","SUSE-SU-2017:2800-1","SUSE-SU-2017:2801-1","SUSE-SU-2017:2802-1","SUSE-SU-2017:2803-1","SUSE-SU-2017:2804-1","SUSE-SU-2017:2805-1","SUSE-SU-2017:2806-1","SUSE-SU-2017:2807-1","SUSE-SU-2017:2809-1","SUSE-SU-2017:2811-1","SUSE-SU-2017:2816-1","SUSE-SU-2017:2956-1","SUSE-SU-2018:0040-1","openSUSE-SU-2024:10728-1","openSUSE-SU-2024:13704-1"],"references":[{"type":"WEB","url":"https://www.kb.cert.org/vuls/id/240311"},{"type":"ADVISORY","url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4561"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3981"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/100809"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1039373"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2679"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:26
80"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2681"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2682"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2683"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2704"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2705"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2706"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2707"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2731"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2732"},{"type":"ADVISORY","url":"https://access.redhat.com/security/vulnerabilities/blueborne"},{"type":"ADVISORY","url":"https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe"},{"type":"ADVISORY","url":"https://www.armis.com/blueborne"},{"type":"ADVISORY","url":"https://www.exploit-db.com/exploits/42762/"},{"type":"ADVISORY","url":"https://www.kb.cert.org/vuls/id/240311"},{"type":"ADVISORY","url":"https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne"},{"type":"FIX","url":"http://www.securityfocus.com/bid/100809"},{"type":"FIX","url":"https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/42762/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/torvalds/linux","events":[{"introduced":"0"},{"fixed":"f2fcfcd670257236ebf2088bbdf26f6a8ef459fe"}]}],"versions":["v2.6.12","v2.6.12-rc2","v2.6.12-rc3","v2.6.12-rc4","v2.6.12-rc5","v2.6.12-rc6","v2.6.13","v2.6.13-rc1","v2.6.13-rc2","v2.6.13-rc3","v2.6.13-rc4","v2.6.13-rc5","v2.6.13-rc6","v2.6.13-rc7","v2.6.14","v2.6.14-rc1","v2.6.14-rc2","v2.6.14-rc3","v2.6.14-rc4","v2.6.14-rc5","v2.6.15","v2.6.15-rc1","v2.6.15-rc2","v2.6.15-rc3","v2.6.15-rc4","v2.6.15-rc5","v2.6.15-rc6","v2.6.15-rc7","v2.6.16","v2.6.16-rc1"
,"v2.6.16-rc2","v2.6.16-rc3","v2.6.16-rc4","v2.6.16-rc5","v2.6.16-rc6","v2.6.17","v2.6.17-rc1","v2.6.17-rc2","v2.6.17-rc3","v2.6.17-rc4","v2.6.17-rc5","v2.6.17-rc6","v2.6.18","v2.6.18-rc1","v2.6.18-rc2","v2.6.18-rc3","v2.6.18-rc4","v2.6.18-rc5","v2.6.18-rc6","v2.6.18-rc7","v2.6.19","v2.6.19-rc1","v2.6.19-rc2","v2.6.19-rc3","v2.6.19-rc4","v2.6.19-rc5","v2.6.19-rc6","v2.6.20","v2.6.20-rc1","v2.6.20-rc2","v2.6.20-rc3","v2.6.20-rc4","v2.6.20-rc5","v2.6.20-rc6","v2.6.20-rc7","v2.6.21","v2.6.21-rc1","v2.6.21-rc2","v2.6.21-rc3","v2.6.21-rc4","v2.6.21-rc5","v2.6.21-rc6","v2.6.21-rc7","v2.6.22","v2.6.22-rc1","v2.6.22-rc2","v2.6.22-rc3","v2.6.22-rc4","v2.6.22-rc5","v2.6.22-rc6","v2.6.22-rc7","v2.6.23","v2.6.23-rc1","v2.6.23-rc2","v2.6.23-rc3","v2.6.23-rc4","v2.6.23-rc5","v2.6.23-rc6","v2.6.23-rc7","v2.6.23-rc8","v2.6.23-rc9","v2.6.24","v2.6.24-rc1","v2.6.24-rc2","v2.6.24-rc3","v2.6.24-rc4","v2.6.24-rc5","v2.6.24-rc6","v2.6.24-rc7","v2.6.24-rc8","v2.6.25","v2.6.25-rc1","v2.6.25-rc2","v2.6.25-rc3","v2.6.25-rc4","v2.6.25-rc5","v2.6.25-rc6","v2.6.25-rc7","v2.6.25-rc8","v2.6.25-rc9","v2.6.26","v2.6.26-rc1","v2.6.26-rc2","v2.6.26-rc3","v2.6.26-rc4","v2.6.26-rc5","v2.6.26-rc6","v2.6.26-rc7","v2.6.26-rc8","v2.6.26-rc9","v2.6.27","v2.6.27-rc1","v2.6.27-rc2","v2.6.27-rc3","v2.6.27-rc4","v2.6.27-rc5","v2.6.27-rc6","v2.6.27-rc7","v2.6.27-rc8","v2.6.27-rc9","v2.6.28","v2.6.28-rc1","v2.6.28-rc2","v2.6.28-rc3","v2.6.28-rc4","v2.6.28-rc5","v2.6.28-rc6","v2.6.28-rc7","v2.6.28-rc8","v2.6.28-rc9","v2.6.29","v2.6.29-rc1","v2.6.29-rc2","v2.6.29-rc3","v2.6.29-rc4","v2.6.29-rc5","v2.6.29-rc6","v2.6.29-rc7","v2.6.29-rc8","v2.6.30","v2.6.30-rc1","v2.6.30-rc2","v2.6.30-rc3","v2.6.30-rc4","v2.6.30-rc5","v2.6.30-rc6","v2.6.30-rc7","v2.6.30-rc8","v2.6.31-rc1","v2.6.31-rc2","v2.6.31-rc3","v2.6.31-rc4","v2.6.31-rc5"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000251.json","vanir_signatures":[{"signature_version":"v1","deprecated":false,"si
gnature_type":"Function","target":{"function":"l2cap_config_rsp","file":"net/bluetooth/l2cap.c"},"id":"CVE-2017-1000251-0f7c754a","digest":{"function_hash":"68155943268927176878412780390894213086","length":1232},"source":"https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe"},{"signature_version":"v1","deprecated":false,"signature_type":"Line","target":{"file":"include/net/bluetooth/l2cap.h"},"id":"CVE-2017-1000251-29e6196a","digest":{"threshold":0.9,"line_hashes":["321901177579041039215557754963147629508","265368582112369674447480448683901018350","190641196133547692211198645057242761049","217447420097326406559207357289186099410","59834207942885176207991766556662878605","304876136598854137006045156736691177281","133301674632125487546987659908340906691","61294491862357852293968062238645444203","93568577962259760599504055927794899012","14881359214756657971315332082704720461","75424836953537947075979504500590217530","335933701788536731633583733158662453245"]},"source":"https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe"},{"signature_version":"v1","deprecated":false,"signature_type":"Line","target":{"file":"net/bluetooth/l2cap.c"},"id":"CVE-2017-1000251-34a35460","digest":{"threshold":0.9,"line_hashes":["5924632198214420461610953551110348891","141924211009875908990964181124200564260","23869763585075345607891978429900565640","200918229760095047815318254448168666895","5924632198214420461610953551110348891","141924211009875908990964181124200564260","23869763585075345607891978429900565640","200918229760095047815318254448168666895","233463871404026385051301588885788812612","9596366131538109798517731157940369473","116053715729080709288730471017371226170","15634605036401760303132202800389294894","300972153962021424826328343818920911579","36622469741121125645348811320455991304","72372326092712333078545513900261934068","318924473363312641431496160175942461192","321685675738587435991093948509247841781","17903390027896891
5979052666227922773448","20819938836236920535546404954547207906","39675178076626015377501658165309401196","31750644442376560210270290906820416437","225117548740205542754032025837199044383","24206482765438196891778048355850639438","142863452729445962489996980013529367805","128529738982581997645742794788346520914","64316191952517346883424070911925115278","250728207247787426663057531211097613087","328133981786396760283385490450329581783","182116321135574989308761571851823618180","190575220424611532345001233452278930387","40629484462977529829735206169228774142","316530943608535760509560957719238809559","92668575221371679165773705750542312007","176935814896257136876121819790504267675","117032826149461623972157635023670145000","148843138150459273770079488105576149222","237768266218087667850162618933422219715","122646965524832799551085121895639703140","4413297929446201251377429992660378929","193871070322225915968046920699834342372","123922893311628308964316929156411397603","173168528627011003525061357527447122091","18187347886918009344863412273100261209","301935174488344996392696845588355477528","312295511470657470281012233013184116917","290861069320911652328978964345060714324","176497056270687624533729710126411325695","233866467193918358477001857877950991777","14693623470036712439440906987799952994","150907023466678597807229538289755730211","97142838057690284640495457765704815379","176938168287116219341701534588540594156","306357831069420298407584480806935803292","207727855757850697530664873912194502252","194972675849755747630538554016353071235","3578945273702065987670456259731797738","124893096044664528981456379286488289536","60135282529958467911815924197745675628","68831300917299175424618923999722819710","130372187619537569859076935826501022900","79159362448994623497891425829602342608","106601822235608310523857128004700393238","275498076532905733740062063979104363663","236773838146403216057049580838634190116","12541981945025450082845829424013537154","2262999838371170837
71925047759575149614","96981985369592597407611461389668653172","65035428442754257858195168272680708089","85632063274615148686532786007993068692","302125929047446743905592766974019859484"]},"source":"https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe"},{"deprecated":false,"source":"https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe","signature_version":"v1","id":"CVE-2017-1000251-3996c584","digest":{"function_hash":"212358415550620649527001214551090145168","length":985},"target":{"function":"l2cap_sock_listen","file":"net/bluetooth/l2cap.c"},"signature_type":"Function"},{"deprecated":false,"source":"https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe","signature_type":"Function","id":"CVE-2017-1000251-3baa4d4c","digest":{"function_hash":"261279042443346429226862724343221655488","length":1478},"target":{"function":"l2cap_parse_conf_req","file":"net/bluetooth/l2cap.c"},"signature_version":"v1"},{"signature_version":"v1","source":"https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe","signature_type":"Function","target":{"function":"l2cap_connect_rsp","file":"net/bluetooth/l2cap.c"},"id":"CVE-2017-1000251-4bbc6809","digest":{"function_hash":"279158474557177051712897630231310246875","length":1107},"deprecated":false},{"signature_version":"v1","deprecated":false,"signature_type":"Function","target":{"function":"l2cap_config_req","file":"net/bluetooth/l2cap.c"},"id":"CVE-2017-1000251-912d03e8","digest":{"function_hash":"303553636760772789547191755470160249696","length":1573},"source":"https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe"},{"signature_version":"v1","source":"https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe","signature_type":"Function","target":{"function":"l2cap_build_conf_req","file":"net/bluetooth/l2cap.c"},"id":"CVE-2017-1000251-a0c43c05","digest":{"function_hash":"192961088
496574241976112059688663283138","length":897},"deprecated":false},{"signature_version":"v1","source":"https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe","signature_type":"Function","target":{"function":"l2cap_sock_connect","file":"net/bluetooth/l2cap.c"},"id":"CVE-2017-1000251-d1b99613","digest":{"function_hash":"182066098571948350529086938451134175816","length":1179},"deprecated":false}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}