CLD-17 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-1000251 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s) Blueborne

Basic Information:

Affected Package(s) linux
Deficiency Type SECURITY
Date Created 2017-09-12 17:10:59
Date Last Modified 2017-09-13 23:19:00

Version Specific Information:

Cucumber 1.0 i686 fixed in linux-4.9.50-i686-1
Cucumber 1.0 x86_64 fixed in linux-4.9.50-x86_64-1

Cucumber 1.1 i686 fixed in linux-4.9.50-i686-1
Cucumber 1.1 x86_64 fixed in linux-4.9.50-x86_64-1

Details:

This vulnerability has been dubbed "Blueborne".

The native Bluetooth stack in the Linux kernel (BlueZ), from Linux kernel
version 3.3-rc1 up to and including 4.13.1, is vulnerable to a stack overflow
in the processing of L2CAP configuration responses, resulting in remote code
execution in kernel space
(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000251).

This vulnerability does not require the device to be connected to any network,
and it does not even require the device to be paired with another Bluetooth
device. All it requires is for an attacker to be physically within Bluetooth
range of the device; the attacker can then use this vulnerability to execute
arbitrary code in kernel space (https://www.youtube.com/watch?v=LLNtZKpL0P8).

Original Analysis (by Armis):
https://www.armis.com/blueborne/

RedHat's Analysis:
https://access.redhat.com/blogs/product-security/posts/blueborne
They state that the impact of this vulnerability is mitigated if the kernel is
built with stack protection, which all Cucumber Linux kernels are.
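Added check for this record (not code from the Cucumber Linux project or the advisory): it tells whether a kernel version string falls inside the affected range stated above, treating the 4.9 series from the named fix 4.9.50 onward as fixed, and whether a kernel config carries the stack protector the Red Hat analysis relies on. The /boot config path and the 4.9-era CONFIG_CC_STACKPROTECTOR symbol names are my assumptions, not something the record states; backported fixes in other stable series are not modelled.

```shell
#!/bin/sh
# Added check for the CLD-17 / CVE-2017-1000251 record (not the advisory's code).
# The range 3.3-rc1..4.13.1 and the 4.9.50 fix are the values the record states.

# "MAJOR.MINOR[.PATCH][-tail]" -> one comparable integer (components < 1000).
vernum() {
    v=${1%%-*}; v=${v%%+*}                  # drop "-rc1", "-i686-1", "+" tails
    major=${v%%.*}
    rest=${v#*.}; [ "$rest" = "$v" ] && rest=0
    minor=${rest%%.*}
    patch=${rest#*.}; [ "$patch" = "$rest" ] && patch=0
    echo $(( major * 1000000 + minor * 1000 + patch ))
}

# Exit 0 when VERSION is inside the stated range 3.3-rc1..4.13.1, except the 4.9
# series from the named fix 4.9.50 on. Other stable backports are not modelled.
blueborne_affected() {
    n=$(vernum "$1")
    if [ "$n" -ge "$(vernum 4.9.50)" ] && [ "$n" -lt "$(vernum 4.10)" ]; then
        return 1
    fi
    [ "$n" -ge "$(vernum 3.3)" ] && [ "$n" -le "$(vernum 4.13.1)" ]
}

# Exit 0 when a kernel .config enables a GCC stack protector (the mitigation the
# Red Hat analysis relies on). CONFIG_CC_STACKPROTECTOR* are the 4.9-era names.
stack_protector_enabled() {
    grep -Eq '^CONFIG_CC_STACKPROTECTOR(_REGULAR|_STRONG)?=y' "$1"
}

# Report on the running kernel; the /boot config path is an assumption.
report() {
    ver=$(uname -r)
    cfg=/boot/config-$ver
    if blueborne_affected "$ver"; then
        echo "kernel $ver: inside the affected range, update to a fixed kernel"
    else
        echo "kernel $ver: outside the affected range"
    fi
    if [ ! -r "$cfg" ]; then
        echo "config $cfg not readable, cannot check for stack protector"
    elif stack_protector_enabled "$cfg"; then
        echo "stack protector enabled: impact reduced, but still update"
    else
        echo "stack protector NOT enabled"
    fi
}

report
```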