Linux Kernel CVE-2017-7558 Multiple Local Information Disclosure Vulnerabilities

Description: A kernel data leak due to an out-of-bound read was found in Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since v4.7-rc1 upto v4.13 including. A data leak happens when these functions fill in sockaddr data structures used to export socket’s diagnostic information. As a result upto 100 bytes of the slab data could be leaked to a userspace.

Impact: Local attackers can exploit these issues to obtain sensitive information that may lead to further attacks.

Mitigation: Updates are available. Please check specific vendor advisory for more information.

Reference URL’s: