Vulnerability Description
The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 3.19, < 4.1.52 |
Related Weaknesses (CWE)
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f659aPatchVendor Advisory
- https://access.redhat.com/errata/RHSA-2018:0502Third Party Advisory
- https://github.com/torvalds/linux/commit/8f659a03a0ba9289b9aeb9b4470e6fb263d6f48PatchThird Party Advisory
- https://source.android.com/security/bulletin/pixel/2018-04-01Third Party Advisory
- https://usn.ubuntu.com/3581-1/Third Party Advisory
- https://usn.ubuntu.com/3581-2/Third Party Advisory
- https://usn.ubuntu.com/3581-3/Third Party Advisory
- https://usn.ubuntu.com/3582-1/Third Party Advisory
- https://usn.ubuntu.com/3582-2/Third Party Advisory
- https://www.debian.org/security/2017/dsa-4073Third Party Advisory
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f659aPatchVendor Advisory
- https://access.redhat.com/errata/RHSA-2018:0502Third Party Advisory
- https://github.com/torvalds/linux/commit/8f659a03a0ba9289b9aeb9b4470e6fb263d6f48PatchThird Party Advisory
- https://source.android.com/security/bulletin/pixel/2018-04-01Third Party Advisory
- https://usn.ubuntu.com/3581-1/Third Party Advisory
FAQ
What is CVE-2017-17712?
CVE-2017-17712 is a vulnerability with a CVSS score of 7.0 (HIGH). The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execu...
How severe is CVE-2017-17712?
CVE-2017-17712 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-17712?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.