SUSE-SU-2018:0273-1

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2017-16939 CVE-2017-17712

Published: 29 Jan 2018, 19:01

Last modified:04 Feb 2026, 02:58

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

29 Jan 2018, 19:01

Published

Vulnerability first disclosed

04 Feb 2026, 02:58

Last Modified

Vulnerability information updated

Description

Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP2) This update for the Linux Kernel 4.4.59-92_17 fixes several issues. The following security issues were fixed: - CVE-2017-17712: The raw_sendmsg() function had a race condition that lead to uninitialized stack pointer usage. This allowed a local user to execute code and gain privileges (bsc#1073230). - CVE-2017-16939: The XFRM dump policy implementation allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).

Affected Systems

suse•kgraft-patch-SLE12-SP2_Update_7&distro=SUSE Linux Enterprise Live Patching 12
< 8-2.1

SUSE-SU-2018:0273-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (6)