ALT-PU-2017-2209-1 — kernel-image-un-def

BDU:2017-02053

HIGH8.0

Уязвимость компонента модуля L2CAP пакета программ, реализующих стек протоколов Bluetooth, позволяющая нарушителю выполнить произвольный код

Published: 2017-09-15Modified: 2024-12-03

CVSS 3.xHIGH 8.0

CVSS:3.x/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.7

CVSS:2.0/AV:A/AC:L/Au:S/C:C/I:C/A:C

References

CVE-2017-1000251
CERT VU: 240311
RHSA-2017:2679
RHSA-2017:2680
RHSA-2017:2681
RHSA-2017:2682
RHSA-2017:2683
RHSA-2017:2704
RHSA-2017:2705
RHSA-2017:2706
RHSA-2017:2707

CVE-2017-1000251

HIGH8.0

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

Published: 2017-09-12Modified: 2025-04-20

CVSS 2.0HIGH 7.7

CVSS:2.0/AV:A/AC:L/Au:S/C:C/I:C/A:C

CVSS 3.xHIGH 8.0

CVSS:3.x/CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

http://nvidia.custhelp.com/app/answers/detail/a_id/4561
http://www.debian.org/security/2017/dsa-3981
http://www.securityfocus.com/bid/100809
http://www.securitytracker.com/id/1039373
https://access.redhat.com/errata/RHSA-2017:2679
https://access.redhat.com/errata/RHSA-2017:2680
https://access.redhat.com/errata/RHSA-2017:2681
https://access.redhat.com/errata/RHSA-2017:2682
https://access.redhat.com/errata/RHSA-2017:2683
https://access.redhat.com/errata/RHSA-2017:2704
https://access.redhat.com/errata/RHSA-2017:2705
https://access.redhat.com/errata/RHSA-2017:2706
https://access.redhat.com/errata/RHSA-2017:2707
https://access.redhat.com/errata/RHSA-2017:2731
https://access.redhat.com/errata/RHSA-2017:2732
https://access.redhat.com/security/vulnerabilities/blueborne
https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe
https://www.armis.com/blueborne
https://www.exploit-db.com/exploits/42762/
https://www.kb.cert.org/vuls/id/240311
https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne
http://nvidia.custhelp.com/app/answers/detail/a_id/4561
http://www.debian.org/security/2017/dsa-3981
http://www.securityfocus.com/bid/100809
http://www.securitytracker.com/id/1039373
https://access.redhat.com/errata/RHSA-2017:2679
https://access.redhat.com/errata/RHSA-2017:2680
https://access.redhat.com/errata/RHSA-2017:2681
https://access.redhat.com/errata/RHSA-2017:2682
https://access.redhat.com/errata/RHSA-2017:2683
https://access.redhat.com/errata/RHSA-2017:2704
https://access.redhat.com/errata/RHSA-2017:2705
https://access.redhat.com/errata/RHSA-2017:2706
https://access.redhat.com/errata/RHSA-2017:2707
https://access.redhat.com/errata/RHSA-2017:2731
https://access.redhat.com/errata/RHSA-2017:2732
https://access.redhat.com/security/vulnerabilities/blueborne
https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe
https://www.armis.com/blueborne
https://www.exploit-db.com/exploits/42762/
https://www.kb.cert.org/vuls/id/240311
https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne

Package update kernel-image-un-def in branch sisyphus

Closed issues (3)

Уязвимость компонента модуля L2CAP пакета программ, реализующих стек протоколов Bluetooth, позволяющая нарушителю выполнить произвольный код

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory.