CVE-2017-1000251

Priority
Description
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the
Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable
to a stack overflow vulnerability in the processing of L2CAP configuration
responses resulting in Remote code execution in kernel space.
Ubuntu-Description
It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash).
Notes
sbeattiestack-based buffer overflow; stack-protector kernel
configuration should result in this being limited to a remote
denial of service.
initial report claimed introduced in 0e8b207e8a44, but
possible vuln code path introduced in f2fcfcd67
cloudy kernels are much lower priority, since they typically
don't have bluetooth as a threat.
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):released (3.2.0-131.177)
Ubuntu 14.04 ESM (Trusty Tahr):released (3.13.0-132.181)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-96.119)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.13.0-16.19)
Patches:
Introduced by
f2fcfcd670257236ebf2088bbdf26f6a8ef459fe
Fixed by
e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3
This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu. For more details see https://wiki.ubuntu.com/Security/Features#stack-protector
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
This package is not directly supported by the Ubuntu Security Team
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (4.4.0-1002.2)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1035.44)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.15.0-1001.1)
Package
Priority: Low
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (4.15.0-1023.24~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.13.0-1005.7)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.15.0-1002.2)
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-9019.20)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.10.0-1006.6)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.15.0-1001.1)
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1031.31)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needed now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.10.0-35.39~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.10.0-35.39~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.18.0-8.9~18.04.1)
Product
linux-krillin:ignored (was needed now end-of-life)
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1007.12)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.15.0-1002.2)
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):ignored (end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
This package is not directly supported by the Ubuntu Security Team
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):ignored (end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):ignored (end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
This package is not directly supported by the Ubuntu Security Team
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):released (3.13.0-132.181~precise1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [out of standard support])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [was needs-triage now end-of-life])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [out of standard support])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (4.4.0-96.119~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.13.0-1008.9)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.15.0-1002.3)
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1074.82)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.13.0-1005.5)
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1076.81)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Package
Upstream:released (4.14~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Product
linux-vegetahd:ignored (was needed now end-of-life)
More Information

Updated: 2019-12-05 18:47:25 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)