Linux Kernel CVE-2017-7558 Multiple Local Information Disclosure Vulnerabilities
by CIRT Team
Description: A kernel data leak due to an out-of-bound read was found in Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since v4.7-rc1 upto v4.13 including. A data leak happens when these functions fill in sockaddr data structures used to export socket’s diagnostic information. As a result upto 100 bytes of the slab data could be leaked to a userspace.
Impact: Local attackers can exploit these issues to obtain sensitive information that may lead to further attacks.
Mitigation: Updates are available. Please check specific vendor advisory for more information.
Reference URL’s:
- http://www.securityfocus.com/bid/100466/info
- https://bugzilla.redhat.com/show_bug.cgi?id=1480266
- https://access.redhat.com/security/cve/cve-2017-7558
- https://security-tracker.debian.org/tracker/CVE-2017-7558
- https://www.suse.com/security/cve/CVE-2017-7558/
Recommended Posts
Cyber Threat Alert: Surge in Attacks via Compromised Third-Party Service Providers
08 Feb 2024 - Articles, English articles, Security Advisories & Alerts
Subscribe here
MEMBER OF:
