CVE-2017-1000410:
An information leak in the Linux kernel’s Bluetooth L2CAP configuration parsing (CVE-2017-1000410) allows uninitialized stack data to be exposed, potentially bypassing KASLR and stack canaries and, in combination with CVE-2017-1000251, enabling an RCE under certain builds.
Score
A numerical rating that indicates how dangerous this vulnerability is.
7.5High- Published Date:Dec 7, 2017
- CISA KEV Date:*No Data*
- Industries Affected:20
Threat Predictions
- EPSS Score:1.9
- EPSS Percentile:83%
Exploitability
- Score:3.9
- Attack Vector:NETWORK
- Attack Complexity:LOW
- Privileges Required:NONE
- User Interaction:NONE
- Scope:UNCHANGED
Impact
- Score:3.6
- Confidentiality Impact:HIGH
- Integrity Impact:NONE
- Availability Impact:NONE
Description Preview
An information leak in the Linux kernel’s Bluetooth L2CAP configuration parsing (CVE-2017-1000410) allows uninitialized stack data to be exposed, potentially bypassing KASLR and stack canaries and, in combination with CVE-2017-1000251, enabling an RCE under certain builds.
Overview
This CVE describes an information-leak weakness in the Linux kernel’s Bluetooth L2CAP configuration parsing that stems from using an uninitialized stack variable when processing ConfigRequest and ConfigResponse messages. An attacker can influence the input flow to cause uninitialized data to be returned, potentially exposing 16 bytes of kernel memory. The leak can undermine protections such as KASLR and stack canaries and, in conjunction with a related remote code execution vulnerability, may contribute to a full exploit on vulnerable kernels.
Remediation
- Apply the vendor-supplied kernel security updates that fix CVE-2017-1000410. This includes updating to the patched kernel version provided by your distribution (e.g., Debian, Red Hat, Ubuntu) and rebooting the system.
- If a patched kernel is not immediately available, mitigate exposure by disabling Bluetooth functionality or restricting Bluetooth device exposure on affected systems (e.g., stop and disable the Bluetooth service, unload Bluetooth kernel modules if Bluetooth is not required).
- After applying updates, verify that the kernel version includes the fix (check package version and changelog or patch metadata) and that rebooted systems are running the patched kernel.
- Where feasible, perform an authenticated security scan or verification to confirm the vulnerability is mitigated in deployed kernels and validate that L2CAP handling paths no longer allow uninitialized data leakage.
- Consider applying defense-in-depth measures for Bluetooth exposure in enterprise environments (network-level access controls, limiting Bluetooth-enabled devices, and monitoring for suspicious Bluetooth configuration activity).
References
- - [oss-security] 20171206 Info Leak in the Linux Kernel via Bluetooth, http://seclists.org/oss-sec/2017/q4/357
- - DSA-4082, Debian security advisory, https://www.debian.org/security/2018/dsa-4082
- - RHSA-2018:1062, Red Hat advisory, https://access.redhat.com/errata/RHSA-2018:1062
- - RHSA-2018:0654, Red Hat advisory, https://access.redhat.com/errata/RHSA-2018:0654
- - RHSA-2018:1319, Red Hat advisory, https://access.redhat.com/errata/RHSA-2018:1319
- - RHSA-2018:0676, Red Hat advisory, https://access.redhat.com/errata/RHSA-2018:0676
- - RHSA-2018:1170, Red Hat advisory, https://access.redhat.com/errata/RHSA-2018:1170
- - RHSA-2018:1130, Red Hat advisory, https://access.redhat.com/errata/RHSA-2018:1130
- - DSA-4073, Debian security advisory, https://www.debian.org/security/2017/dsa-4073
- - 102101, BID entry, http://www.securityfocus.com/bid/102101
- - USN-3933-2, Ubuntu security advisory, https://usn.ubuntu.com/3933-2/
- - USN-3933-1, Ubuntu security advisory, https://usn.ubuntu.com/3933-1/
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
