CVE-2017-7558

CVSS v3.0 7.5 (High)
CVSS v2.0 5 (Medium)
EPSS 0.78% (82nd percentile)
Affected Products 2
Advisories 9

A kernel data leak due to an out-of-bounds read was found in the Linux kernel in the inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions, present since version 4.7-rc1 through version 4.13. The leak happens when these functions fill in the sockaddr data structures used to export a socket's diagnostic information. As a result, up to 100 bytes of slab data could be leaked to userspace.

Weaknesses
CWE-125
Out-of-bounds Read
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2018-07-26 15:29:00
(6 years ago)
Updated Date
2023-02-12 23:31:17
(19 months ago)

Affected Products


Configuration #1

  Product                                                  CPE23                                 From     Up To
  Linux Kernel from version 4.7 up to and including 4.13   cpe:2.3:o:linux:linux_kernel          >= 4.7   <= 4.13
  Linux Kernel 4.7 Rc1                                     cpe:2.3:o:linux:linux_kernel:4.7:rc1
  Linux Kernel 4.7 Rc2                                     cpe:2.3:o:linux:linux_kernel:4.7:rc2
  Linux Kernel 4.7 Rc3                                     cpe:2.3:o:linux:linux_kernel:4.7:rc3
  Linux Kernel 4.7 Rc4                                     cpe:2.3:o:linux:linux_kernel:4.7:rc4
  Linux Kernel 4.7 Rc5                                     cpe:2.3:o:linux:linux_kernel:4.7:rc5
  Linux Kernel 4.7 Rc6                                     cpe:2.3:o:linux:linux_kernel:4.7:rc6
  Linux Kernel 4.7 Rc7                                     cpe:2.3:o:linux:linux_kernel:4.7:rc7

Configuration #2

  Product            CPE23                                From     Up To
  Debian Linux 8.0   cpe:2.3:o:debian:debian_linux:8.0
  Debian Linux 9.0   cpe:2.3:o:debian:debian_linux:9.0