CVE-2017-1000251

Severity: High
Remote: Yes
Type: Arbitrary code execution

Description
A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although it is unlikely. On systems without the stack protection feature, an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges.

| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-395 | linux-hardened | 4.13.1.a-1 | 4.13.1.b-1 | High | Fixed | FS#55602 |
| AVG-394 | linux-zen | 4.13.1-1.1 | 4.13.2-1 | High | Fixed | FS#55601 |
| AVG-393 | linux-lts | 4.9.49-1 | 4.9.49-2 | High | Fixed | FS#55601 |
| AVG-392 | linux | 4.12.12-1 | 4.12.13-1 | High | Fixed | FS#55601 |

| Date | Advisory | Group | Package | Severity | Description |
|---|---|---|---|---|---|
| 15 Sep 2017 | ASA-201709-9 | AVG-392 | linux | High | arbitrary code execution |
| 14 Sep 2017 | ASA-201709-8 | AVG-393 | linux-lts | High | arbitrary code execution |
| 13 Sep 2017 | ASA-201709-4 | AVG-395 | linux-hardened | High | arbitrary code execution |
| 18 Sep 2017 | ASA-201709-12 | AVG-394 | linux-zen | High | arbitrary code execution |

References
https://git.kernel.org/linus/e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3
https://www.armis.com/blueborne/