CVE-2017-7558
A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace.
| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | 4.7-rc6 | 4.7-rc6.x |
| linux / linux_kernel | 4.7-rc1 | 4.7-rc1.x |
| linux / linux_kernel | 4.7-rc2 | 4.7-rc2.x |
| linux / linux_kernel | 4.7-rc3 | 4.7-rc3.x |
| linux / linux_kernel | 4.7-rc4 | 4.7-rc4.x |
| linux / linux_kernel | 4.7-rc5 | 4.7-rc5.x |
| linux / linux_kernel | 4.7-rc7 | 4.7-rc7.x |
| linux / linux_kernel | 4.7 | 4.13.x |
| debian / debian_linux | 8.0 | 8.0.x |
| debian / debian_linux | 9.0 | 9.0.x |
- http://seclists.org/oss-sec/2017/q3/338
- http://www.securityfocus.com/bid/100466
- http://www.securitytracker.com/id/1039221
- https://access.redhat.com/errata/RHSA-2017:2918
- https://access.redhat.com/errata/RHSA-2017:2930
- https://access.redhat.com/errata/RHSA-2017:2931
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7558
- https://marc.info/?l=linux-netdev&m=150348777122761&w=2
- https://www.debian.org/security/2017/dsa-3981
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime