CVE-2017-17712

HIGH

Linux Kernel 3.19-4.1.52 - Local Privilege Escalation via Race Condition in raw_sendmsg

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-17712. PoCs published by TamiiLambrado.

AI-analyzed exploit summary This PoC exploits a race condition in the Linux kernel's raw_sendmsg() function (CVE-2017-17712), where an uninitialized stack variable can be manipulated via concurrent setsockopt() calls to achieve arbitrary code execution. The exploit uses thread-based racing and stack spraying via poll() to control the uninitialized msghdr pointer.

Description

The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.

Exploits (1)

github WORKING POC 3 stars

by TamiiLambrado · cpoc

https://github.com/TamiiLambrado/CVE-pocs/tree/master/CVE-2017-17712-raw_sendmsg.c

View Code ZIP pw:eip

This PoC exploits a race condition in the Linux kernel's raw_sendmsg() function (CVE-2017-17712), where an uninitialized stack variable can be manipulated via concurrent setsockopt() calls to achieve arbitrary code execution. The exploit uses thread-based racing and stack spraying via poll() to control the uninitialized msghdr pointer.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: Linux Kernel (versions affected by the race condition in net/ipv4/raw.c)

No auth needed

Prerequisites: Linux system with vulnerable kernel · ability to create raw sockets · ability to create user/network namespaces

MITRE ATT&CK