The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes).
CVE-2017-1000410
Score 7.5 from GitHub Security Advisory (severity: HIGH) published 2022-05-14. NVD baseline CVSS 7.5; sources differ by 0.0.
- High severity, but no confirmed exploitation yet
A fix is available — apply it.
- CVSS v3
- 7.5
- EG Score
- 7.5(medium)
- EPSS
- 89.9%
- KEV
- Not listed
Published
December 7, 2017
Last Modified
May 13, 2026
References (26)
- cve@mitrehttp://seclists.org/oss-sec/2017/q4/357
- cve@mitrehttp://www.securityfocus.com/bid/102101
- cve@mitrehttps://access.redhat.com/errata/RHSA-2018:0654
- cve@mitrehttps://access.redhat.com/errata/RHSA-2018:0676
- cve@mitrehttps://access.redhat.com/errata/RHSA-2018:1062
- cve@mitrehttps://access.redhat.com/errata/RHSA-2018:1130
- cve@mitrehttps://access.redhat.com/errata/RHSA-2018:1170
- cve@mitrehttps://access.redhat.com/errata/RHSA-2018:1319
- cve@mitrehttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- cve@mitrehttps://usn.ubuntu.com/3933-1/
- cve@mitrehttps://usn.ubuntu.com/3933-2/
- cve@mitrehttps://www.debian.org/security/2017/dsa-4073
- cve@mitrehttps://www.debian.org/security/2018/dsa-4082
- af854a3a-2127-422b-91ae-364da2661108http://seclists.org/oss-sec/2017/q4/357
- af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102101
Vendor Advisories for CVE-2017-1000410(1)
These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.
Patch Availability(8)
| Vendor / Ecosystem | Fixed in / Patch | Released | Source |
|---|---|---|---|
| ubuntu | linux-image-3.13.0-168-generic-lpae (3.13.0-168.218~precise1) @ precise | 2026-05-22 | ubuntu |
| ubuntu | linux-image-virtual (3.13.0.168.179) @ trusty | 2026-05-22 | ubuntu |
| redhat | kernel-0:2.6.32-696.28.1.el6 | 2018-05-08 | redhat |
| redhat | kernel-0:3.10.0-693.25.2.el7 | 2018-04-17 | redhat |
| redhat | kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt | 2018-04-17 | redhat |
| redhat | kernel-0:3.10.0-862.el7 | 2018-04-10 | redhat |
| redhat | kernel-rt-0:3.10.0-862.rt56.804.el7 | 2018-04-10 | redhat |
| redhat | kernel-alt-0:4.14.0-49.el7a | 2018-04-10 | redhat |
Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.
Additional Vendor Advisories
(7)
Vendors that published advisories for this CVE beyond the curated set above. Broader coverage but minimal per-row detail — click through for the original advisory.
- Red HatRHSA-2018:0654MODERATE2017-12-06
RHSA-2018:0654 — Moderate
- Red HatRHSA-2018:0676MODERATE2017-12-06
RHSA-2018:0676 — Moderate
- Red HatRHSA-2018:1062MODERATE2017-12-06
RHSA-2018:1062 — Moderate
- Red HatRHSA-2018:1130MODERATE2017-12-06
RHSA-2018:1130 — Moderate
- Red HatRHSA-2018:1170MODERATE2017-12-06
RHSA-2018:1170 — Moderate
- UbuntuUSN-3933-1LOW
Linux kernel vulnerabilities
- UbuntuUSN-3933-2LOW
Linux kernel (Trusty HWE) vulnerabilities
Data Freshness Timeline
(refreshed 10× in last 7d / 37× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
- 2026-07-07 13:42 UTCEPSS rescore
- 2026-07-06 16:24 UTCEPSS rescore
- 2026-07-06 16:24 UTCEPSS rescore
- 2026-07-06 02:20 UTCEPSS rescore
- 2026-07-06 02:20 UTCEPSS rescore
- 2026-07-05 02:27 UTCEPSS rescore
- 2026-07-04 06:28 UTCEPSS rescore
- 2026-07-01 15:02 UTCEPSS rescore
- 2026-06-30 23:19 UTCEPSS rescore
- 2026-06-30 23:19 UTCEPSS rescore
- 2026-06-29 14:03 UTCEPSS rescore
- 2026-06-28 04:53 UTCEPSS rescore
- 2026-06-27 03:05 UTCEPSS rescore
- 2026-06-25 13:47 UTCEPSS rescore
- 2026-06-24 14:02 UTCEPSS rescore
- 2026-06-23 21:30 UTCEPSS rescore
- 2026-06-22 20:35 UTCOSV refresh
- 2026-06-22 14:23 UTCEPSS rescore
- 2026-06-21 14:54 UTCEPSS rescore
- 2026-06-21 14:54 UTCEPSS rescore
- 2026-06-21 01:57 UTCEPSS rescore
- 2026-06-21 01:57 UTCEPSS rescore
- 2026-06-19 19:23 UTCEPSS rescore
- 2026-06-19 19:23 UTCEPSS rescore
- 2026-06-18 17:50 UTCEPSS rescore
Show 47 moreShow fewer
- 2026-06-18 17:50 UTCEPSS rescore
- 2026-06-17 17:50 UTCEPSS rescore
- 2026-06-17 17:50 UTCEPSS rescore
- 2026-06-16 17:50 UTCEPSS rescore
- 2026-06-15 17:45 UTCEPSS rescore
- 2026-06-14 23:14 UTCEPSS rescore
- 2026-06-14 23:14 UTCEPSS rescore
- 2026-06-13 22:57 UTCEPSS rescore
- 2026-06-13 22:57 UTCEPSS rescore
- 2026-06-12 23:09 UTCEPSS rescore
- 2026-06-11 13:57 UTCEPSS rescore
- 2026-06-08 14:14 UTCEPSS rescore
- 2026-06-07 15:22 UTCEPSS rescore
- 2026-06-07 15:22 UTCEPSS rescore
- 2026-06-05 22:44 UTCEPSS rescore
- 2026-06-05 11:27 UTCOSV refresh
- 2026-06-05 06:08 UTCEPSS rescore
- 2026-06-05 06:08 UTCEPSS rescore
- 2026-06-04 13:10 UTCEPSS rescore
- 2026-06-04 13:10 UTCEPSS rescore
- 2026-06-02 20:10 UTCEPSS rescore
- 2026-06-01 13:49 UTCEPSS rescore
- 2026-06-01 13:49 UTCEPSS rescore
- 2026-05-31 22:28 UTCEPSS rescore
- 2026-05-31 22:28 UTCEPSS rescore
- 2026-05-31 00:14 UTCEPSS rescore
- 2026-05-29 13:41 UTCEPSS rescore
- 2026-05-28 13:42 UTCEPSS rescore
- 2026-05-28 13:42 UTCEPSS rescore
- 2026-05-27 13:38 UTCEPSS rescore
- 2026-05-27 13:38 UTCEPSS rescore
- 2026-05-26 13:42 UTCEPSS rescore
- 2026-05-26 13:42 UTCEPSS rescore
- 2026-05-26 07:17 UTCEPSS rescore
- 2026-05-24 16:44 UTCEPSS rescore
- 2026-05-22 21:15 UTCEPSS rescore
- 2026-05-22 07:26 UTCEG score recompute
- 2026-05-22 07:26 UTCVendor advisory
- 2026-05-22 07:25 UTCGHSA enrichment
- 2026-05-20 22:37 UTCEPSS rescore
- 2026-05-20 22:37 UTCEPSS rescore
- 2026-05-20 22:37 UTCEPSS rescore
- 2026-05-20 11:21 UTCEPSS rescore
- 2026-05-20 11:21 UTCEPSS rescore
- 2026-05-18 21:30 UTCEPSS rescore
- 2026-05-18 21:30 UTCEPSS rescore
- 2026-05-18 21:30 UTCEPSS rescore
Related CVEs(same vendor)
Frequently asked(5)
What is CVE-2017-1000410?
When was CVE-2017-1000410 disclosed?
Is CVE-2017-1000410 actively exploited?
What is the CVSS score of CVE-2017-1000410?
How do I remediate CVE-2017-1000410?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2017-1000410
Is Your Infrastructure Affected by CVE-2017-1000410?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.