vulnerability
Oracle Linux: CVE-2017-1000250: ELSA-2017-2685: bluez security update (MODERATE)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:A/AC:L/Au:N/C:P/I:N/A:N) | Sep 12, 2017 | Sep 13, 2017 | Dec 3, 2025 |
Severity
3
CVSS
(AV:A/AC:L/Au:N/C:P/I:N/A:N)
Published
Sep 12, 2017
Added
Sep 13, 2017
Modified
Dec 3, 2025
Description
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.
An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol (SDP). A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information such as Bluetooth encryption keys.
An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol (SDP). A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information such as Bluetooth encryption keys.
Solutions
oracle-linux-upgrade-bluezoracle-linux-upgrade-bluez-alsaoracle-linux-upgrade-bluez-compatoracle-linux-upgrade-bluez-cupsoracle-linux-upgrade-bluez-gstreameroracle-linux-upgrade-bluez-hid2hcioracle-linux-upgrade-bluez-libsoracle-linux-upgrade-bluez-libs-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.