PT-2017-14963 · Linux+3 · Linux Kernel+3

Mohamed Ghannam

·

Publicado

2017-12-15

·

Atualizado

2023-06-21

·

CVE-2017-17712

CVSS v3.1

7.0

Alta

VetorAV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 4.14.6
Description The issue is related to a race condition in the raw sendmsg() function, specifically in the inet->hdrincl component, which leads to the usage of an uninitialized stack pointer. This condition allows a local user to execute arbitrary code and gain privileges.
Recommendations For Linux kernel versions through 4.14.6, update to a version later than 4.14.6 to resolve the issue.

Correção

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

ALT-PU-2018-1007
ALT-PU-2018-1016
CVE-2017-17712
DSA-4073-1
OPENSUSE-SU-2018_0408-1
RHSA-2018:0502
SUSE-SU-2018:0269-1
SUSE-SU-2018:0272-1
SUSE-SU-2018:0273-1
SUSE-SU-2018:0277-1
SUSE-SU-2018:0278-1
SUSE-SU-2018:0280-1
SUSE-SU-2018:0281-1
SUSE-SU-2018:0282-1
SUSE-SU-2018:0294-1
SUSE-SU-2018:0296-1
SUSE-SU-2018:0297-1
SUSE-SU-2018:0298-1
SUSE-SU-2018:0301-1
SUSE-SU-2018:0340-1
SUSE-SU-2018:0345-1
SUSE-SU-2018:0346-1
SUSE-SU-2018:0347-1
SUSE-SU-2018:0383-1
SUSE-SU-2018:0416-1
SUSE-SU-2018:0431-1
SUSE-SU-2018:0433-1
SUSE-SU-2018:0436-1
SUSE-SU-2018:0482-1
SUSE-SU-2018:0986-1
USN-3581-1
USN-3581-2
USN-3581-3
USN-3582-1
USN-3582-2

Produtos afetados

Alt Linux
Linux Kernel
Suse
Ubuntu