CVE-2017-1000251

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-1000251
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000251.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-1000251
Downstream
Related
Published
2017-09-12T17:29:00Z
Modified
2025-10-15T08:41:20.294985Z
Severity
  • 8.0 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

References

Affected packages

Git / github.com/torvalds/linux

Affected ranges

Type
GIT
Repo
https://github.com/torvalds/linux
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f2fcfcd670257236ebf2088bbdf26f6a8ef459fe

Affected versions

v2.*

v2.6.12
v2.6.12-rc2
v2.6.12-rc3
v2.6.12-rc4
v2.6.12-rc5
v2.6.12-rc6
v2.6.13
v2.6.13-rc1
v2.6.13-rc2
v2.6.13-rc3
v2.6.13-rc4
v2.6.13-rc5
v2.6.13-rc6
v2.6.13-rc7
v2.6.14
v2.6.14-rc1
v2.6.14-rc2
v2.6.14-rc3
v2.6.14-rc4
v2.6.14-rc5
v2.6.15
v2.6.15-rc1
v2.6.15-rc2
v2.6.15-rc3
v2.6.15-rc4
v2.6.15-rc5
v2.6.15-rc6
v2.6.15-rc7
v2.6.16
v2.6.16-rc1
v2.6.16-rc2
v2.6.16-rc3
v2.6.16-rc4
v2.6.16-rc5
v2.6.16-rc6
v2.6.17
v2.6.17-rc1
v2.6.17-rc2
v2.6.17-rc3
v2.6.17-rc4
v2.6.17-rc5
v2.6.17-rc6
v2.6.18
v2.6.18-rc1
v2.6.18-rc2
v2.6.18-rc3
v2.6.18-rc4
v2.6.18-rc5
v2.6.18-rc6
v2.6.18-rc7
v2.6.19
v2.6.19-rc1
v2.6.19-rc2
v2.6.19-rc3
v2.6.19-rc4
v2.6.19-rc5
v2.6.19-rc6
v2.6.20
v2.6.20-rc1
v2.6.20-rc2
v2.6.20-rc3
v2.6.20-rc4
v2.6.20-rc5
v2.6.20-rc6
v2.6.20-rc7
v2.6.21
v2.6.21-rc1
v2.6.21-rc2
v2.6.21-rc3
v2.6.21-rc4
v2.6.21-rc5
v2.6.21-rc6
v2.6.21-rc7
v2.6.22
v2.6.22-rc1
v2.6.22-rc2
v2.6.22-rc3
v2.6.22-rc4
v2.6.22-rc5
v2.6.22-rc6
v2.6.22-rc7
v2.6.23
v2.6.23-rc1
v2.6.23-rc2
v2.6.23-rc3
v2.6.23-rc4
v2.6.23-rc5
v2.6.23-rc6
v2.6.23-rc7
v2.6.23-rc8
v2.6.23-rc9
v2.6.24
v2.6.24-rc1
v2.6.24-rc2
v2.6.24-rc3
v2.6.24-rc4
v2.6.24-rc5
v2.6.24-rc6
v2.6.24-rc7
v2.6.24-rc8
v2.6.25
v2.6.25-rc1
v2.6.25-rc2
v2.6.25-rc3
v2.6.25-rc4
v2.6.25-rc5
v2.6.25-rc6
v2.6.25-rc7
v2.6.25-rc8
v2.6.25-rc9
v2.6.26
v2.6.26-rc1
v2.6.26-rc2
v2.6.26-rc3
v2.6.26-rc4
v2.6.26-rc5
v2.6.26-rc6
v2.6.26-rc7
v2.6.26-rc8
v2.6.26-rc9
v2.6.27
v2.6.27-rc1
v2.6.27-rc2
v2.6.27-rc3
v2.6.27-rc4
v2.6.27-rc5
v2.6.27-rc6
v2.6.27-rc7
v2.6.27-rc8
v2.6.27-rc9
v2.6.28
v2.6.28-rc1
v2.6.28-rc2
v2.6.28-rc3
v2.6.28-rc4
v2.6.28-rc5
v2.6.28-rc6
v2.6.28-rc7
v2.6.28-rc8
v2.6.28-rc9
v2.6.29
v2.6.29-rc1
v2.6.29-rc2
v2.6.29-rc3
v2.6.29-rc4
v2.6.29-rc5
v2.6.29-rc6
v2.6.29-rc7
v2.6.29-rc8
v2.6.30
v2.6.30-rc1
v2.6.30-rc2
v2.6.30-rc3
v2.6.30-rc4
v2.6.30-rc5
v2.6.30-rc6
v2.6.30-rc7
v2.6.30-rc8
v2.6.31-rc1
v2.6.31-rc2
v2.6.31-rc3
v2.6.31-rc4
v2.6.31-rc5

Database specific

vanir_signatures

[
    {
        "digest": {
            "length": 1232.0,
            "function_hash": "68155943268927176878412780390894213086"
        },
        "signature_type": "Function",
        "target": {
            "function": "l2cap_config_rsp",
            "file": "net/bluetooth/l2cap.c"
        },
        "deprecated": false,
        "source": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
        "signature_version": "v1",
        "id": "CVE-2017-1000251-0f7c754a"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "321901177579041039215557754963147629508",
                "265368582112369674447480448683901018350",
                "190641196133547692211198645057242761049",
                "217447420097326406559207357289186099410",
                "59834207942885176207991766556662878605",
                "304876136598854137006045156736691177281",
                "133301674632125487546987659908340906691",
                "61294491862357852293968062238645444203",
                "93568577962259760599504055927794899012",
                "14881359214756657971315332082704720461",
                "75424836953537947075979504500590217530",
                "335933701788536731633583733158662453245"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "include/net/bluetooth/l2cap.h"
        },
        "deprecated": false,
        "source": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
        "signature_version": "v1",
        "id": "CVE-2017-1000251-29e6196a"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "5924632198214420461610953551110348891",
                "141924211009875908990964181124200564260",
                "23869763585075345607891978429900565640",
                "200918229760095047815318254448168666895",
                "5924632198214420461610953551110348891",
                "141924211009875908990964181124200564260",
                "23869763585075345607891978429900565640",
                "200918229760095047815318254448168666895",
                "233463871404026385051301588885788812612",
                "9596366131538109798517731157940369473",
                "116053715729080709288730471017371226170",
                "15634605036401760303132202800389294894",
                "300972153962021424826328343818920911579",
                "36622469741121125645348811320455991304",
                "72372326092712333078545513900261934068",
                "318924473363312641431496160175942461192",
                "321685675738587435991093948509247841781",
                "179033900278968915979052666227922773448",
                "20819938836236920535546404954547207906",
                "39675178076626015377501658165309401196",
                "31750644442376560210270290906820416437",
                "225117548740205542754032025837199044383",
                "24206482765438196891778048355850639438",
                "142863452729445962489996980013529367805",
                "128529738982581997645742794788346520914",
                "64316191952517346883424070911925115278",
                "250728207247787426663057531211097613087",
                "328133981786396760283385490450329581783",
                "182116321135574989308761571851823618180",
                "190575220424611532345001233452278930387",
                "40629484462977529829735206169228774142",
                "316530943608535760509560957719238809559",
                "92668575221371679165773705750542312007",
                "176935814896257136876121819790504267675",
                "117032826149461623972157635023670145000",
                "148843138150459273770079488105576149222",
                "237768266218087667850162618933422219715",
                "122646965524832799551085121895639703140",
                "4413297929446201251377429992660378929",
                "193871070322225915968046920699834342372",
                "123922893311628308964316929156411397603",
                "173168528627011003525061357527447122091",
                "18187347886918009344863412273100261209",
                "301935174488344996392696845588355477528",
                "312295511470657470281012233013184116917",
                "290861069320911652328978964345060714324",
                "176497056270687624533729710126411325695",
                "233866467193918358477001857877950991777",
                "14693623470036712439440906987799952994",
                "150907023466678597807229538289755730211",
                "97142838057690284640495457765704815379",
                "176938168287116219341701534588540594156",
                "306357831069420298407584480806935803292",
                "207727855757850697530664873912194502252",
                "194972675849755747630538554016353071235",
                "3578945273702065987670456259731797738",
                "124893096044664528981456379286488289536",
                "60135282529958467911815924197745675628",
                "68831300917299175424618923999722819710",
                "130372187619537569859076935826501022900",
                "79159362448994623497891425829602342608",
                "106601822235608310523857128004700393238",
                "275498076532905733740062063979104363663",
                "236773838146403216057049580838634190116",
                "12541981945025450082845829424013537154",
                "226299983837117083771925047759575149614",
                "96981985369592597407611461389668653172",
                "65035428442754257858195168272680708089",
                "85632063274615148686532786007993068692",
                "302125929047446743905592766974019859484"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "net/bluetooth/l2cap.c"
        },
        "deprecated": false,
        "source": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
        "signature_version": "v1",
        "id": "CVE-2017-1000251-34a35460"
    },
    {
        "digest": {
            "length": 985.0,
            "function_hash": "212358415550620649527001214551090145168"
        },
        "signature_type": "Function",
        "target": {
            "function": "l2cap_sock_listen",
            "file": "net/bluetooth/l2cap.c"
        },
        "deprecated": false,
        "source": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
        "signature_version": "v1",
        "id": "CVE-2017-1000251-3996c584"
    },
    {
        "digest": {
            "length": 1478.0,
            "function_hash": "261279042443346429226862724343221655488"
        },
        "signature_type": "Function",
        "target": {
            "function": "l2cap_parse_conf_req",
            "file": "net/bluetooth/l2cap.c"
        },
        "deprecated": false,
        "source": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
        "signature_version": "v1",
        "id": "CVE-2017-1000251-3baa4d4c"
    },
    {
        "digest": {
            "length": 1107.0,
            "function_hash": "279158474557177051712897630231310246875"
        },
        "signature_type": "Function",
        "target": {
            "function": "l2cap_connect_rsp",
            "file": "net/bluetooth/l2cap.c"
        },
        "deprecated": false,
        "source": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
        "signature_version": "v1",
        "id": "CVE-2017-1000251-4bbc6809"
    },
    {
        "digest": {
            "length": 1573.0,
            "function_hash": "303553636760772789547191755470160249696"
        },
        "signature_type": "Function",
        "target": {
            "function": "l2cap_config_req",
            "file": "net/bluetooth/l2cap.c"
        },
        "deprecated": false,
        "source": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
        "signature_version": "v1",
        "id": "CVE-2017-1000251-912d03e8"
    },
    {
        "digest": {
            "length": 897.0,
            "function_hash": "192961088496574241976112059688663283138"
        },
        "signature_type": "Function",
        "target": {
            "function": "l2cap_build_conf_req",
            "file": "net/bluetooth/l2cap.c"
        },
        "deprecated": false,
        "source": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
        "signature_version": "v1",
        "id": "CVE-2017-1000251-a0c43c05"
    },
    {
        "digest": {
            "length": 1179.0,
            "function_hash": "182066098571948350529086938451134175816"
        },
        "signature_type": "Function",
        "target": {
            "function": "l2cap_sock_connect",
            "file": "net/bluetooth/l2cap.c"
        },
        "deprecated": false,
        "source": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe",
        "signature_version": "v1",
        "id": "CVE-2017-1000251-d1b99613"
    }
]