CVE-2017-1000251

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-1000251
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000251.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-1000251
Downstream
Related
Published
2017-09-12T17:29:00Z
Modified
2025-09-16T06:41:45.929161Z
Severity
  • 8.0 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.13-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.13-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.13-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.13-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/torvalds/linux

Affected ranges

Type
GIT
Repo
https://github.com/torvalds/linux
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f2fcfcd670257236ebf2088bbdf26f6a8ef459fe

Affected versions

v2.*

v2.6.12
v2.6.12-rc2
v2.6.12-rc3
v2.6.12-rc4
v2.6.12-rc5
v2.6.12-rc6
v2.6.13
v2.6.13-rc1
v2.6.13-rc2
v2.6.13-rc3
v2.6.13-rc4
v2.6.13-rc5
v2.6.13-rc6
v2.6.13-rc7
v2.6.14
v2.6.14-rc1
v2.6.14-rc2
v2.6.14-rc3
v2.6.14-rc4
v2.6.14-rc5
v2.6.15
v2.6.15-rc1
v2.6.15-rc2
v2.6.15-rc3
v2.6.15-rc4
v2.6.15-rc5
v2.6.15-rc6
v2.6.15-rc7
v2.6.16
v2.6.16-rc1
v2.6.16-rc2
v2.6.16-rc3
v2.6.16-rc4
v2.6.16-rc5
v2.6.16-rc6
v2.6.17
v2.6.17-rc1
v2.6.17-rc2
v2.6.17-rc3
v2.6.17-rc4
v2.6.17-rc5
v2.6.17-rc6
v2.6.18
v2.6.18-rc1
v2.6.18-rc2
v2.6.18-rc3
v2.6.18-rc4
v2.6.18-rc5
v2.6.18-rc6
v2.6.18-rc7
v2.6.19
v2.6.19-rc1
v2.6.19-rc2
v2.6.19-rc3
v2.6.19-rc4
v2.6.19-rc5
v2.6.19-rc6
v2.6.20
v2.6.20-rc1
v2.6.20-rc2
v2.6.20-rc3
v2.6.20-rc4
v2.6.20-rc5
v2.6.20-rc6
v2.6.20-rc7
v2.6.21
v2.6.21-rc1
v2.6.21-rc2
v2.6.21-rc3
v2.6.21-rc4
v2.6.21-rc5
v2.6.21-rc6
v2.6.21-rc7
v2.6.22
v2.6.22-rc1
v2.6.22-rc2
v2.6.22-rc3
v2.6.22-rc4
v2.6.22-rc5
v2.6.22-rc6
v2.6.22-rc7
v2.6.23
v2.6.23-rc1
v2.6.23-rc2
v2.6.23-rc3
v2.6.23-rc4
v2.6.23-rc5
v2.6.23-rc6
v2.6.23-rc7
v2.6.23-rc8
v2.6.23-rc9
v2.6.24
v2.6.24-rc1
v2.6.24-rc2
v2.6.24-rc3
v2.6.24-rc4
v2.6.24-rc5
v2.6.24-rc6
v2.6.24-rc7
v2.6.24-rc8
v2.6.25
v2.6.25-rc1
v2.6.25-rc2
v2.6.25-rc3
v2.6.25-rc4
v2.6.25-rc5
v2.6.25-rc6
v2.6.25-rc7
v2.6.25-rc8
v2.6.25-rc9
v2.6.26
v2.6.26-rc1
v2.6.26-rc2
v2.6.26-rc3
v2.6.26-rc4
v2.6.26-rc5
v2.6.26-rc6
v2.6.26-rc7
v2.6.26-rc8
v2.6.26-rc9
v2.6.27
v2.6.27-rc1
v2.6.27-rc2
v2.6.27-rc3
v2.6.27-rc4
v2.6.27-rc5
v2.6.27-rc6
v2.6.27-rc7
v2.6.27-rc8
v2.6.27-rc9
v2.6.28
v2.6.28-rc1
v2.6.28-rc2
v2.6.28-rc3
v2.6.28-rc4
v2.6.28-rc5
v2.6.28-rc6
v2.6.28-rc7
v2.6.28-rc8
v2.6.28-rc9
v2.6.29
v2.6.29-rc1
v2.6.29-rc2
v2.6.29-rc3
v2.6.29-rc4
v2.6.29-rc5
v2.6.29-rc6
v2.6.29-rc7
v2.6.29-rc8
v2.6.30
v2.6.30-rc1
v2.6.30-rc2
v2.6.30-rc3
v2.6.30-rc4
v2.6.30-rc5
v2.6.30-rc6
v2.6.30-rc7
v2.6.30-rc8
v2.6.31-rc1
v2.6.31-rc2
v2.6.31-rc3
v2.6.31-rc4
v2.6.31-rc5

Database specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "function_hash": "68155943268927176878412780390894213086",
                "length": 1232.0
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
            "id": "CVE-2017-1000251-0f7c754a",
            "signature_type": "Function",
            "target": {
                "file": "net/bluetooth/l2cap.c",
                "function": "l2cap_config_rsp"
            }
        },
        {
            "digest": {
                "line_hashes": [
                    "321901177579041039215557754963147629508",
                    "265368582112369674447480448683901018350",
                    "190641196133547692211198645057242761049",
                    "217447420097326406559207357289186099410",
                    "59834207942885176207991766556662878605",
                    "304876136598854137006045156736691177281",
                    "133301674632125487546987659908340906691",
                    "61294491862357852293968062238645444203",
                    "93568577962259760599504055927794899012",
                    "14881359214756657971315332082704720461",
                    "75424836953537947075979504500590217530",
                    "335933701788536731633583733158662453245"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
            "id": "CVE-2017-1000251-29e6196a",
            "signature_type": "Line",
            "target": {
                "file": "include/net/bluetooth/l2cap.h"
            }
        },
        {
            "digest": {
                "line_hashes": [
                    "5924632198214420461610953551110348891",
                    "141924211009875908990964181124200564260",
                    "23869763585075345607891978429900565640",
                    "200918229760095047815318254448168666895",
                    "5924632198214420461610953551110348891",
                    "141924211009875908990964181124200564260",
                    "23869763585075345607891978429900565640",
                    "200918229760095047815318254448168666895",
                    "233463871404026385051301588885788812612",
                    "9596366131538109798517731157940369473",
                    "116053715729080709288730471017371226170",
                    "15634605036401760303132202800389294894",
                    "300972153962021424826328343818920911579",
                    "36622469741121125645348811320455991304",
                    "72372326092712333078545513900261934068",
                    "318924473363312641431496160175942461192",
                    "321685675738587435991093948509247841781",
                    "179033900278968915979052666227922773448",
                    "20819938836236920535546404954547207906",
                    "39675178076626015377501658165309401196",
                    "31750644442376560210270290906820416437",
                    "225117548740205542754032025837199044383",
                    "24206482765438196891778048355850639438",
                    "142863452729445962489996980013529367805",
                    "128529738982581997645742794788346520914",
                    "64316191952517346883424070911925115278",
                    "250728207247787426663057531211097613087",
                    "328133981786396760283385490450329581783",
                    "182116321135574989308761571851823618180",
                    "190575220424611532345001233452278930387",
                    "40629484462977529829735206169228774142",
                    "316530943608535760509560957719238809559",
                    "92668575221371679165773705750542312007",
                    "176935814896257136876121819790504267675",
                    "117032826149461623972157635023670145000",
                    "148843138150459273770079488105576149222",
                    "237768266218087667850162618933422219715",
                    "122646965524832799551085121895639703140",
                    "4413297929446201251377429992660378929",
                    "193871070322225915968046920699834342372",
                    "123922893311628308964316929156411397603",
                    "173168528627011003525061357527447122091",
                    "18187347886918009344863412273100261209",
                    "301935174488344996392696845588355477528",
                    "312295511470657470281012233013184116917",
                    "290861069320911652328978964345060714324",
                    "176497056270687624533729710126411325695",
                    "233866467193918358477001857877950991777",
                    "14693623470036712439440906987799952994",
                    "150907023466678597807229538289755730211",
                    "97142838057690284640495457765704815379",
                    "176938168287116219341701534588540594156",
                    "306357831069420298407584480806935803292",
                    "207727855757850697530664873912194502252",
                    "194972675849755747630538554016353071235",
                    "3578945273702065987670456259731797738",
                    "124893096044664528981456379286488289536",
                    "60135282529958467911815924197745675628",
                    "68831300917299175424618923999722819710",
                    "130372187619537569859076935826501022900",
                    "79159362448994623497891425829602342608",
                    "106601822235608310523857128004700393238",
                    "275498076532905733740062063979104363663",
                    "236773838146403216057049580838634190116",
                    "12541981945025450082845829424013537154",
                    "226299983837117083771925047759575149614",
                    "96981985369592597407611461389668653172",
                    "65035428442754257858195168272680708089",
                    "85632063274615148686532786007993068692",
                    "302125929047446743905592766974019859484"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
            "id": "CVE-2017-1000251-34a35460",
            "signature_type": "Line",
            "target": {
                "file": "net/bluetooth/l2cap.c"
            }
        },
        {
            "digest": {
                "function_hash": "212358415550620649527001214551090145168",
                "length": 985.0
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
            "id": "CVE-2017-1000251-3996c584",
            "signature_type": "Function",
            "target": {
                "file": "net/bluetooth/l2cap.c",
                "function": "l2cap_sock_listen"
            }
        },
        {
            "digest": {
                "function_hash": "261279042443346429226862724343221655488",
                "length": 1478.0
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
            "id": "CVE-2017-1000251-3baa4d4c",
            "signature_type": "Function",
            "target": {
                "file": "net/bluetooth/l2cap.c",
                "function": "l2cap_parse_conf_req"
            }
        },
        {
            "digest": {
                "function_hash": "279158474557177051712897630231310246875",
                "length": 1107.0
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
            "id": "CVE-2017-1000251-4bbc6809",
            "signature_type": "Function",
            "target": {
                "file": "net/bluetooth/l2cap.c",
                "function": "l2cap_connect_rsp"
            }
        },
        {
            "digest": {
                "function_hash": "303553636760772789547191755470160249696",
                "length": 1573.0
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
            "id": "CVE-2017-1000251-912d03e8",
            "signature_type": "Function",
            "target": {
                "file": "net/bluetooth/l2cap.c",
                "function": "l2cap_config_req"
            }
        },
        {
            "digest": {
                "function_hash": "192961088496574241976112059688663283138",
                "length": 897.0
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
            "id": "CVE-2017-1000251-a0c43c05",
            "signature_type": "Function",
            "target": {
                "file": "net/bluetooth/l2cap.c",
                "function": "l2cap_build_conf_req"
            }
        },
        {
            "digest": {
                "function_hash": "182066098571948350529086938451134175816",
                "length": 1179.0
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
            "id": "CVE-2017-1000251-d1b99613",
            "signature_type": "Function",
            "target": {
                "file": "net/bluetooth/l2cap.c",
                "function": "l2cap_sock_connect"
            }
        }
    ]
}