Wind River Support Network

HomeDefectsLIN8-7757
Fixed

LIN8-7757 : Security Advisory - bluez - CVE-2017-1000250

Created: Sep 14, 2017    Updated: Dec 3, 2018
Resolved Date: Sep 22, 2017
Found In Version: 8.0.0.21
Fix Version: 8.0.0.22
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.

https://nvd.nist.gov/vuln/detail/CVE-2017-1000250

The fix:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=9e009647b14e810e06626dde7f1bb9ea3c375d09

Other Downloads


CVEs


Live chat
Online