Linux Kernel CVE-2017-7558 Multiple Local Information Disclosure Vulnerabilities

by CIRT Team

Description: A kernel data leak due to an out-of-bound read was found in Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since v4.7-rc1 upto v4.13 including. A data leak happens when these functions fill in sockaddr data structures used to export socket’s diagnostic information. As a result upto 100 bytes of the slab data could be leaked to a userspace.

Impact: Local attackers can exploit these issues to obtain sensitive information that may lead to further attacks.

Mitigation: Updates are available. Please check specific vendor advisory for more information.

Reference URL’s:

• http://www.securityfocus.com/bid/100466/info
• https://bugzilla.redhat.com/show_bug.cgi?id=1480266
• https://access.redhat.com/security/cve/cve-2017-7558
• https://security-tracker.debian.org/tracker/CVE-2017-7558
• https://www.suse.com/security/cve/CVE-2017-7558/

CIRT Team

Recommended Posts

Active Exploitation of Critical F5 BIG – IP Vulnerability (CVE–2023-46747) Uncovered in Bangladesh

06 Nov 2024 - Security Advisories & Alerts

Emerging Threat_Stealer Malware (Lumma C2) Campaign with fake CAPTCHA pages

08 Oct 2024 - Security Advisories & Alerts

Detection of Fog Ransomware Footprint in Cyber Space of Bangladesh

12 Sep 2024 - Security Advisories & Alerts