[arch-security] [ASA-201709-4] linux-hardened: arbitrary code execution
Arch Linux Security Advisory ASA-201709-4 ========================================= Severity: High Date : 2017-09-13 CVE-ID : CVE-2017-1000251 Package : linux-hardened Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-395 Summary ======= The package linux-hardened before version 4.13.1.b-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 4.13.1.b-1. # pacman -Syu "linux-hardened>=4.13.1.b-1" The problem has been fixed upstream in version 4.13.1.b. Workaround ========== None. Description =========== A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although it is unlikely. On systems without the stack protection feature, an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. Impact ====== An unauthenticated attacker able to initiate a connection via Bluetooth is able to crash the system or possibly execute arbitrary code. References ========== https://bugs.archlinux.org/task/55602 https://git.kernel.org/linus/e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3 https://www.armis.com/blueborne/ https://security.archlinux.org/CVE-2017-1000251
participants (1)
-
Levente Polyak