CVE-2017-15868: Input Validation
First published: Tue Dec 05 2017(Updated: )
Last updated 24 July 2024
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | >=3.2<3.2.97 | |
| Linux Linux kernel | >=3.3<3.10.108 | |
| Linux Linux kernel | >=3.11<3.16.52 | |
| Linux Linux kernel | >=3.17<3.18.64 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =14.04 | |
| Debian Debian Linux | =8.0 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.112-1 6.11.5-1 6.11.7-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71bb99a02b32b4cc4265118e85f6035ca72923f0
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
- http://www.securityfocus.com/bid/102084
- https://github.com/torvalds/linux/commit/71bb99a02b32b4cc4265118e85f6035ca72923f0
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://patchwork.kernel.org/patch/9882449/
- https://source.android.com/security/bulletin/pixel/2017-12-01
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
- https://www.debian.org/security/2018/dsa-4082
- https://launchpad.net/bugs/cve/CVE-2017-15868
- https://git.kernel.org/linus/71bb99a02b32b4cc4265118e85f6035ca72923f0
- https://security-tracker.debian.org/tracker/CVE-2017-15868
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15868
- https://nvd.nist.gov/vuln/detail/CVE-2017-15868
- https://ubuntu.com/security/CVE-2017-15868
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2017-15868.
What is the title of the vulnerability?
The title of the vulnerability is 'The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.'
What is the description of the vulnerability?
The vulnerability allows local users to gain privileges via a crafted application by exploiting the bnep_add_connection function in the Linux kernel before version 3.19.
What software versions are affected?
The affected software versions are Linux kernel versions before 3.19.
Are there any references for this vulnerability?
Yes, you can find references for this vulnerability at the following links: [Reference 1](http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71bb99a02b32b4cc4265118e85f6035ca72923f0), [Reference 2](https://github.com/torvalds/linux/commit/71bb99a02b32b4cc4265118e85f6035ca72923f0), [Reference 3](https://patchwork.kernel.org/patch/9882449/)
- collector/nvd-index
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- agent/weakness
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/tags
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/event
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/3.2
- version/linux linux kernel/3.3
- version/linux linux kernel/3.11
- version/linux linux kernel/3.17
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/14.04
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- package-manager/debian