Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

Vulnerability IntelligenceSUSE-SU-2018:0298-1

SUSE-SU-2018:0298-1

HIGH8.0

Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2)

Published Jan 30, 2018

Modified 8 years ago

Fix available

Details

Description of the patch:

This update for the Linux Kernel 4.4.103-92_53 fixes one issue.

The following security issue was fixed:

CVE-2017-17712: The raw_sendmsg() function had a race condition that lead to uninitialized stack pointer usage. This allowed a local user to execute code and gain privileges (bsc#1073230).

Affected Packages

kgraft-patch-4_4_103-92_53-default

SUSE Linux Enterprise Live Patching 12

Fixed in:

2-2.1

References

https://bugzilla.suse.com/1073230

https://lists.suse.com/pipermail/sle-security-updates/2018-January/003685.html

https://www.suse.com/security/cve/CVE-2017-17712/

https://www.suse.com/support/security/rating/

https://www.suse.com/support/update/announcement/2018/suse-su-20180298-1/

CVSS Analysis

CVSS v3.0

8.0

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

LowC:L

Integrity

HighI:H

Availability

HighA:H

8.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Upstream

Ecosystems

SUSE Linux Enterprise Live Patching 12

Timeline

PublishedJan 30, 2018

ModifiedJan 30, 2018

SUSE-SU-2018:0298-1 | Mondoo Vulnerability Intelligence