SB2018021407 - SUSE Linux update for the Linux Kernel (Live Patch 7 for SLE 12 SP3)
Published: February 14, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Race condition (CVE-ID: CVE-2017-17712)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to a race condition in inet->hdrincl in the raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel. A local attacker can trigger uninitialized stack pointer usage and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install update from vendor's website.