製品・ソフトウェアに関する情報

JVN脆弱性詳細

Linux Kernel におけるバッファエラーの脆弱性

Title	Linux Kernel におけるバッファエラーの脆弱性
Summary	Linux Kernel には、バッファエラーの脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Sept. 12, 2017, midnight
Registration Date	Sept. 28, 2017, 4:36 p.m.
Last Update	Feb. 7, 2018, 4:57 p.m.

CVSS3.0 : 重要
Score	8.8
Vector	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2.0 : 危険
Score	8.3
Vector	AV:A/AC:L/Au:N/C:C/I:C/A:C

Affected System

日本電気

SystemDirector Enterprise

Linux

Linux Kernel

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-1000251	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000251
National Vulnerability Database (NVD)
2	CVE-2017-1000251	https://nvd.nist.gov/vuln/detail/CVE-2017-1000251

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Linux Kernel
1	Linux Kernel Archives	http://www.kernel.org
NEC製品セキュリティ情報
2	NV18-001	http://jpn.nec.com/security-info/secinfo/nv18-001.html
Red Hat Customer Portal
3	Blueborne - Linux Kernel Remote Denial of Service in Bluetooth subsystem - CVE-2017-1000251	https://access.redhat.com/security/vulnerabilities/blueborne

その他

No	Name	URL
IPA 重要なセキュリティ情報
1	Bluetooth の実装における複数の脆弱性について	https://www.ipa.go.jp/security/ciadr/vul/20170914_blueborne.html
JPCERT 注意喚起
2	JPCERT-AT-2017-0037	https://www.jpcert.or.jp/at/2017/at170037.html
JVN
3	JVNVU#95513538	http://jvn.jp/vu/JVNVU95513538/index.html
US-CERT Vulnerability Note
4	VU#240311	https://www.kb.cert.org/vuls/id/240311

Change Log

No	Changed Details	Date of change
0	[2017年09月28日] 掲載 [2018年02月07日] ベンダ情報：日本電気 (NV18-001) を追加影響を受けるシステム：ベンダ情報の追加に伴い内容を更新	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2017-1000251

Summary	The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.
Publication Date	Sept. 13, 2017, 2:29 a.m.
Registration Date	Jan. 26, 2021, 1:11 p.m.
Last Update	Nov. 21, 2024, 12:04 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::	2.6.32			3.2.94
cpe:2.3:o:linux:linux_kernel::::::::	3.3			3.16.49
cpe:2.3:o:linux:linux_kernel::::::::	3.17			3.18.71
cpe:2.3:o:linux:linux_kernel::::::::	3.19			4.1.45
cpe:2.3:o:linux:linux_kernel::::::::	4.2			4.4.88
cpe:2.3:o:linux:linux_kernel::::::::	4.5			4.9.50
cpe:2.3:o:linux:linux_kernel::::::::	4.10			4.12.13
cpe:2.3:o:linux:linux_kernel::::::::	4.13			4.13.2

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:a:nvidia:jetson_tk1:r21:::::::*
cpe:2.3:a:nvidia:jetson_tk1:r24:::::::*
cpe:2.3:a:nvidia:jetson_tx1:r21:::::::*
cpe:2.3:a:nvidia:jetson_tx1:r24:::::::*
execution environment
1	cpe:2.3:o:linux:linux_kernel:-:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*

Related information, measures and tools

No	URL	タグ
1	http://nvidia.custhelp.com/app/answers/detail/a_id/4561	Third Party Advisory
2	http://nvidia.custhelp.com/app/answers/detail/a_id/4561	Third Party Advisory
3	http://www.debian.org/security/2017/dsa-3981	Third Party Advisory
4	http://www.debian.org/security/2017/dsa-3981	Third Party Advisory
5	http://www.securityfocus.com/bid/100809	Patch Third Party Advisory VDB Entry
6	http://www.securityfocus.com/bid/100809	Patch Third Party Advisory VDB Entry
7	http://www.securitytracker.com/id/1039373	Third Party Advisory VDB Entry
8	http://www.securitytracker.com/id/1039373	Third Party Advisory VDB Entry
9	https://access.redhat.com/errata/RHSA-2017:2679	Third Party Advisory
10	https://access.redhat.com/errata/RHSA-2017:2679	Third Party Advisory
11	https://access.redhat.com/errata/RHSA-2017:2680	Third Party Advisory
12	https://access.redhat.com/errata/RHSA-2017:2680	Third Party Advisory
13	https://access.redhat.com/errata/RHSA-2017:2681	Third Party Advisory
14	https://access.redhat.com/errata/RHSA-2017:2681	Third Party Advisory
15	https://access.redhat.com/errata/RHSA-2017:2682	Third Party Advisory
16	https://access.redhat.com/errata/RHSA-2017:2682	Third Party Advisory
17	https://access.redhat.com/errata/RHSA-2017:2683	Third Party Advisory
18	https://access.redhat.com/errata/RHSA-2017:2683	Third Party Advisory
19	https://access.redhat.com/errata/RHSA-2017:2704	Third Party Advisory
20	https://access.redhat.com/errata/RHSA-2017:2704	Third Party Advisory
21	https://access.redhat.com/errata/RHSA-2017:2705	Third Party Advisory
22	https://access.redhat.com/errata/RHSA-2017:2705	Third Party Advisory
23	https://access.redhat.com/errata/RHSA-2017:2706	Third Party Advisory
24	https://access.redhat.com/errata/RHSA-2017:2706	Third Party Advisory
25	https://access.redhat.com/errata/RHSA-2017:2707	Third Party Advisory
26	https://access.redhat.com/errata/RHSA-2017:2707	Third Party Advisory
27	https://access.redhat.com/errata/RHSA-2017:2731	Third Party Advisory
28	https://access.redhat.com/errata/RHSA-2017:2731	Third Party Advisory
29	https://access.redhat.com/errata/RHSA-2017:2732	Third Party Advisory
30	https://access.redhat.com/errata/RHSA-2017:2732	Third Party Advisory
31	https://access.redhat.com/security/vulnerabilities/blueborne	Third Party Advisory
32	https://access.redhat.com/security/vulnerabilities/blueborne	Third Party Advisory
33	https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe	Patch Third Party Advisory
34	https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe	Patch Third Party Advisory
35	https://www.armis.com/blueborne	Third Party Advisory
36	https://www.armis.com/blueborne	Third Party Advisory
37	https://www.exploit-db.com/exploits/42762/	Exploit Third Party Advisory VDB Entry
38	https://www.exploit-db.com/exploits/42762/	Exploit Third Party Advisory VDB Entry
39	https://www.kb.cert.org/vuls/id/240311	Third Party Advisory US Government Resource
40	https://www.kb.cert.org/vuls/id/240311	Third Party Advisory US Government Resource
41	https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne	Third Party Advisory
42	https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-787	境界外書き込み	https://cwe.mitre.org/data/definitions/787.html

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*