CVE-2017-17712 - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

CVE-2017-17712 (NVD)

2017-12-16

The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.

Products	Linux_kernel
Type	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
First patch	https://github.com/torvalds/linux/commit/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483
Patches	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f659a03a0ba9289b9aeb9b4470e6fb263d6f483
Relevant file/s	./net/ipv4/raw.c (modified, +10, -5)
Links	• https://usn.ubuntu.com/3582-1/ • https://www.debian.org/security/2017/dsa-4073 • https://source.android.com/security/bulletin/pixel/2018-04-01 • https://access.redhat.com/errata/RHSA-2018:0502 • https://usn.ubuntu.com/3582-2/ More/Less (3) • https://usn.ubuntu.com/3581-1/ • https://usn.ubuntu.com/3581-2/ • https://usn.ubuntu.com/3581-3/

linux - Tree: 8f659a03a0

(? files)

Filter Settings

All Files

Relevant Files

Vulnerable Files

Patched Files

Files

VS-Dark VS-Bright Monokai Darcula

Navigation

Patch data:

(on by default)

Patched area: