245 matches found
DEBIAN-CVE-2017-17712
The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges...
Race condition
The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges...
CVE-2017-17712
The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges...
CVE-2017-17712
Technical details about CVE-2017-17712 are not publicly available in the provided connected documents. Monitor for updates from vendor advisories and upstream kernel patches.
UBUNTU-CVE-2017-17712
The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges...
PT-2017-14963 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 4.14.6. Description: The issue is related to a race condition in the raw_sendmsg function, specifically in the inet->hdrincl component, which leads to the usage of an uninitialized stack pointer. This condition...
CVE-2017-1000410
Summary of CVE-2017-1000410 (Linux kernel info leak): The vulnerability affects Linux kernel 3.3-rc1 and later in how L2CAP ConfigRequest/ConfigResponse are parsed. A stack variable (struct l2cap_conf_efs efs) is declared uninitialized and, depending on parsing flow and input, can be leaked back...
CVE-2017-1000410
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability that lies in the processing of incoming L2CAP commands: ConfigRequest and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. B...
CVE-2017-0380
The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to t...
Windows WMI Receive Notification Exploit
This module exploits an uninitialized stack variable in the WMI subsystem of ntoskrnl. This module has been tested on vulnerable builds of Windows 7 SP0 x64 and Windows 7 SP1 x64. This module requires Metasploit: https://metasploit.com/download Current source:...
kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c
Incorrect error handling in the set_mempolicy and mbind compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...
kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c
Incorrect error handling in the set_mempolicy and mbind compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...
CVE-2017-9670
An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file...
CVE-2017-9670
CVE-2017-9670 is a vulnerability in gnuplot where an uninitialized stack variable in load_tic_series() (set.c) of version 5.2.rc1 can cause a Denial of Service (segmentation fault) or memory corruption when a specially crafted file is opened. The connected sources corroborate the issue and its im...
CVE-2017-4903
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8...
Linux kernel mm/mempolicy.c Sensitive Information Disclosure Vulnerability
The Linux kernel is an open source operating system kernel. A security vulnerability exists in the set_mempolicy and mbind compat syscalls in the mm/mempolicy.c file of the Linux kernel. A local attacker can exploit this vulnerability to submit a special request to obtain sensitive information about an...
CVE-2017-7616
Incorrect error handling in the set_mempolicy and mbind compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...
DEBIAN-CVE-2017-7616
Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...
CVE-2017-7616
Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...
CVE-2017-7616
Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...