CVE-2017-7558

kernel: Out of bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() in SCTP stack

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace.

Se ha encontrado una fuga de datos del kernel debido a una lectura fuera de límites en el kernel de Linux en las funciones inet_diag_msg_sctp{,l}addr_fill() y sctp_get_sctp_info() presentes desde la versión 4.7-rc1 hasta la versión 4.13. Ocurre una fuga de datos cuando estas funciones rellenan las estructuras de datos sockaddr utilizadas para exportar la información de diagnóstico del socket. Como resultado, se podían filtrar hasta 100 bytes de los datos de la slab a un espacio de usuario.

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket could use this flaw to elevate their privileges on the system.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-04-05 CVE Reserved
2017-10-19 CVE Published
2018-12-01 First Exploit
2024-08-05 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (12)

URL	Tag	Source
http://seclists.org/oss-sec/2017/q3/338	Mailing List
http://www.securityfocus.com/bid/100466	Third Party Advisory
http://www.securitytracker.com/id/1039221	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7558	Issue Tracking

URL	Date	SRC
https://packetstorm.news/files/id/150552	2018-12-01

URL	Date	SRC
https://marc.info/?l=linux-netdev&m=150348777122761&w=2	2023-02-12

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2017:2918	2023-02-12
https://access.redhat.com/errata/RHSA-2017:2930	2023-02-12
https://access.redhat.com/errata/RHSA-2017:2931	2023-02-12
https://www.debian.org/security/2017/dsa-3981	2023-02-12
https://access.redhat.com/security/cve/CVE-2017-7558	2017-10-19
https://bugzilla.redhat.com/show_bug.cgi?id=1480266	2017-10-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.7 <= 4.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.7 <= 4.13"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.7 Search vendor "Linux" for product "Linux Kernel" and version "4.7"		rc1		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.7 Search vendor "Linux" for product "Linux Kernel" and version "4.7"		rc2		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.7 Search vendor "Linux" for product "Linux Kernel" and version "4.7"		rc3		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.7 Search vendor "Linux" for product "Linux Kernel" and version "4.7"		rc4		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.7 Search vendor "Linux" for product "Linux Kernel" and version "4.7"		rc5		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.7 Search vendor "Linux" for product "Linux Kernel" and version "4.7"		rc6		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.7 Search vendor "Linux" for product "Linux Kernel" and version "4.7"		rc7		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected