CVE-2017-17712
kernel: Race condition in raw_sendmsg function allows denial-of-service or kernel addresses leak
Public Exploits: 0
Exploited in Wild: -
Descriptions
The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.
A flaw was found in the Linux kernel's implementation of raw_sendmsg allowing a local attacker to panic the kernel or possibly leak kernel addresses. A local attacker, with the privilege of creating raw sockets, can abuse a possible race condition when setting the socket option to allow the kernel to automatically create ip header values and thus potentially escalate their privileges.
Timeline
- 2017-12-15 CVE Reserved
- 2017-12-16 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
References (12)
URL | Tag | Source |
---|---|---|
https://source.android.com/security/bulletin/pixel/2018-04-01 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:0502 | 2023-06-21 | |
https://usn.ubuntu.com/3581-1 | 2023-06-21 | |
https://usn.ubuntu.com/3581-2 | 2023-06-21 | |
https://usn.ubuntu.com/3581-3 | 2023-06-21 | |
https://usn.ubuntu.com/3582-1 | 2023-06-21 | |
https://usn.ubuntu.com/3582-2 | 2023-06-21 | |
https://www.debian.org/security/2017/dsa-4073 | 2023-06-21 | |
https://access.redhat.com/security/cve/CVE-2017-17712 | 2018-03-13 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1526427 | 2018-03-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | >= 3.19 < 4.1.52 | - | Affected |
Linux | Linux Kernel | >= 4.2 < 4.4.109 | - | Affected |
Linux | Linux Kernel | >= 4.5 < 4.9.74 | - | Affected |
Linux | Linux Kernel | >= 4.10 < 4.14.11 | - | Affected |