Vulnerability Details : CVE-2017-7558
A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace.
Products affected by CVE-2017-7558
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.7:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.7:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.7:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.7:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.7:rc7:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.7:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.7:rc5:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-7558
0.78%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 81 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-7558
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST | |
5.1
|
MEDIUM | CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
1.4
|
3.6
|
Red Hat, Inc. |
CWE ids for CVE-2017-7558
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by:
- nvd@nist.gov (Secondary)
- secalert@redhat.com (Primary)
References for CVE-2017-7558
-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7558
1480266 – (CVE-2017-7558) CVE-2017-7558 kernel: Out of bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() in SCTP stackIssue Tracking;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:2930
RHSA-2017:2930 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://marc.info/?l=linux-netdev&m=150348777122761&w=2
'[PATCH net] sctp: Avoid out-of-bounds reads from address storage' - MARCPatch;Third Party Advisory
-
http://www.securityfocus.com/bid/100466
Linux Kernel CVE-2017-7558 Multiple Local Information Disclosure VulnerabilitiesThird Party Advisory;VDB Entry
-
https://www.debian.org/security/2017/dsa-3981
Debian -- Security Information -- DSA-3981-1 linuxThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:2918
RHSA-2017:2918 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:2931
RHSA-2017:2931 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securitytracker.com/id/1039221
Linux Kernel 'sctp_diag.c' Function Flaws Let Local Users Obtain Potentially Sensitive Information from System Memory - SecurityTrackerThird Party Advisory;VDB Entry
-
http://seclists.org/oss-sec/2017/q3/338
oss-sec: CVE-2017-7558: Linux kernel: sctp: out-of-bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info()Mailing List;Third Party Advisory
Jump to