CVE-2017-1000251:

CVE-2017-1000251 describes a stack overflow vulnerability in the Linux kernel Bluetooth stack (BlueZ) affecting kernels 2.6.32 through 4.13.1, which can lead to remote code execution in kernel space via processing of L2CAP configuration responses.

Score
A numerical rating that indicates how dangerous this vulnerability is.

8.0High

Published Date:Sep 12, 2017
CISA KEV Date:*No Data*
Industries Affected:20

Threat Predictions

EPSS Score:3.0
EPSS Percentile:87%

Exploitability

Score:2.1
Attack Vector:ADJACENT_NETWORK
Attack Complexity:LOW
Privileges Required:LOW
User Interaction:NONE
Scope:UNCHANGED

Impact

Score:5.9
Confidentiality Impact:HIGH
Integrity Impact:HIGH
Availability Impact:HIGH

Description Preview

Overview

This CVE documents a remote code execution risk in the Linux kernel's Bluetooth stack (BlueZ) caused by a stack overflow during L2CAP configuration response processing. Affected are Linux kernels from 2.6.32 through 4.13.1. The issue garnered widespread attention and led to numerous vendor advisories and patches (e.g., Red Hat, Debian) and public disclosure resources, underscoring the need to apply firmware and kernel updates and to adjust Bluetooth exposure where possible.

Remediation

Actionable remediation (when patches are available):
Upgrade to a patched kernel and BlueZ package provided by your distribution (e.g., apply the Red Hat advisories RHSA-2017:2732, RHSA-2017:2705, RHSA-2017:2683, RHSA-2017:2704, RHSA-2017:2682, RHSA-2017:2731, and related advisories for 2681, 2679, 2680, 2707; Debian DSA-3981; Synology mitigation, etc.).
Reboot the system after applying updates to ensure the patched kernel and BlueZ are loaded.
Verify that the patched versions are installed by checking package versions against the advisories.
Additional mitigation if patching is not immediately possible:
Disable Bluetooth or remove Bluetooth exposure if not required.
If Bluetooth must remain enabled, configure devices to be non-discoverable and restrict Bluetooth access to trusted hosts and devices.
For containers or virtualized environments, ensure Bluetooth interfaces are not exposed to untrusted workloads.
Monitor security advisories and vulnerability trackers for follow-up guidance and updated patches.
Verification and ongoing hygiene:
After patching, re-scan systems against the BlueBorne/BlueZ advisories and confirm kernel/BlueZ versions reflect the fixes.
Maintain an asset inventory of affected devices and apply updates on a prioritized basis, especially for IoT and edge devices.