CVE-2017-7558
kernel: Out of bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() in SCTP stack
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace.
Se ha encontrado una fuga de datos del kernel debido a una lectura fuera de límites en el kernel de Linux en las funciones inet_diag_msg_sctp{,l}addr_fill() y sctp_get_sctp_info() presentes desde la versión 4.7-rc1 hasta la versión 4.13. Ocurre una fuga de datos cuando estas funciones rellenan las estructuras de datos sockaddr utilizadas para exportar la información de diagnóstico del socket. Como resultado, se podían filtrar hasta 100 bytes de los datos de la slab a un espacio de usuario.
Linux Kernel version 4.8 on Ubuntu 16.04 suffers from an sctp kernel pointer leak vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-04-05 CVE Reserved
- 2017-10-19 CVE Published
- 2024-08-05 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/oss-sec/2017/q3/338 | Mailing List |
|
| http://www.securityfocus.com/bid/100466 | Third Party Advisory | |
| http://www.securitytracker.com/id/1039221 | Third Party Advisory | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7558 | Issue Tracking |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://marc.info/?l=linux-netdev&m=150348777122761&w=2 | 2023-02-12 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:2918 | 2023-02-12 | |
| https://access.redhat.com/errata/RHSA-2017:2930 | 2023-02-12 | |
| https://access.redhat.com/errata/RHSA-2017:2931 | 2023-02-12 | |
| https://www.debian.org/security/2017/dsa-3981 | 2023-02-12 | |
| https://access.redhat.com/security/cve/CVE-2017-7558 | 2017-10-19 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1480266 | 2017-10-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.7 <= 4.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.7 <= 4.13" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.7 Search vendor "Linux" for product "Linux Kernel" and version "4.7" | rc1 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.7 Search vendor "Linux" for product "Linux Kernel" and version "4.7" | rc2 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.7 Search vendor "Linux" for product "Linux Kernel" and version "4.7" | rc3 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.7 Search vendor "Linux" for product "Linux Kernel" and version "4.7" | rc4 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.7 Search vendor "Linux" for product "Linux Kernel" and version "4.7" | rc5 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.7 Search vendor "Linux" for product "Linux Kernel" and version "4.7" | rc6 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.7 Search vendor "Linux" for product "Linux Kernel" and version "4.7" | rc7 |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||