PT-2017-14963 · Linux+3 · Linux Kernel+3

Mohamed Ghannam

Published

2017-12-15

Updated

2023-06-21

CVE-2017-17712

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 4.14.6

Description The issue is related to a race condition in the raw sendmsg() function, specifically in the inet->hdrincl component, which leads to the usage of an uninitialized stack pointer. This condition allows a local user to execute arbitrary code and gain privileges.

Recommendations For Linux kernel versions through 4.14.6, update to a version later than 4.14.6 to resolve the issue.

Fix

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

ALT-PU-2018-1007

ALT-PU-2018-1016

CVE-2017-17712

DSA-4073-1

OPENSUSE-SU-2018_0408-1

RHSA-2018:0502

SUSE-SU-2018:0269-1

SUSE-SU-2018:0272-1

SUSE-SU-2018:0273-1

SUSE-SU-2018:0277-1

SUSE-SU-2018:0278-1

SUSE-SU-2018:0280-1

SUSE-SU-2018:0281-1

SUSE-SU-2018:0282-1

SUSE-SU-2018:0294-1

SUSE-SU-2018:0296-1

SUSE-SU-2018:0297-1

SUSE-SU-2018:0298-1

SUSE-SU-2018:0301-1

SUSE-SU-2018:0340-1

SUSE-SU-2018:0345-1

SUSE-SU-2018:0346-1

SUSE-SU-2018:0347-1

SUSE-SU-2018:0383-1

SUSE-SU-2018:0416-1

SUSE-SU-2018:0431-1

SUSE-SU-2018:0433-1

SUSE-SU-2018:0436-1

SUSE-SU-2018:0482-1

SUSE-SU-2018:0986-1

USN-3581-1

USN-3581-2

USN-3581-3

USN-3582-1

USN-3582-2

Affected Products

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2017-14963 · Linux+3 · Linux Kernel+3

CVE-2017-17712

Weakness Enumeration

Related Identifiers

Affected Products

References · 308