VDB
DEBIAN-CVE-2017-1000251
DEBIAN-CVE-2017-1000251
PUBLISHED
CVSS 8 HIGH
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.
Risk Scores
CVSS 3.1
8
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | linux | 0, 0, 0 |
| Debian:11 | linux | 0, 0, 0 |
| Debian:13 | linux | 0, 0, 0 |
| Debian:12 | linux | 0, 0, 0 |
Exploit Intelligence
- clone (github-poc-repo)
- own2pwn/blueborne-CVE-2017-1000251-POC (github-poc-repo)
- BlueBorne Exploits & Framework This repository contains a PoC code of various exploits for the BlueBorne vulnerabilities. Under 'android' exploits for the Android RCE vulnerability (CVE-2017-0781), and the SDP Information leak vulnerability (CVE-2017-0785) can be found. Under 'linux-bluez' exploits for the Linux-RCE vulnerability (CVE-2017-1000251) can be found (for Amazon Echo, and Samsung Gear S3). Under 'l2cap_infra' a general testing framework to send and receive raw l2cap messages (us... (github-poc-repo)
- PoC exploit for CVE-2017-1000251 (modified) (github-poc-repo)
- Blueborne CVE-2017-1000251 PoC for linux machines (github-poc-repo)
- Linux Kernel < 4.13.1 - BlueTooth Buffer Overflow (PoC) BlueBorne - Proof of Concept - Unarmed/Unweaponized - DoS (Crash) only (github-poc-repo)
- Linux Kernel < 4.13.1 - BlueTooth Buffer Overflow (PoC) BlueBorne - Proof of Concept - Unarmed/Unweaponized - DoS (Crash) only (github-poc)
- PoC exploit for CVE-2017-1000251 (modified) (github-poc)
- own2pwn/blueborne-CVE-2017-1000251-POC (github-poc)
- clone (github-poc)
…and 2 more exploits
Timeline
- Sep 12, 2017 CVE Published
- Apr 28, 2026 CVE Updated