7.5

CVE-2017-7558

A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.7 <= 4.13
LinuxLinux Kernel Version4.7 Updaterc1
LinuxLinux Kernel Version4.7 Updaterc2
LinuxLinux Kernel Version4.7 Updaterc3
LinuxLinux Kernel Version4.7 Updaterc4
LinuxLinux Kernel Version4.7 Updaterc5
LinuxLinux Kernel Version4.7 Updaterc6
LinuxLinux Kernel Version4.7 Updaterc7
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.76% 0.885
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
secalert@redhat.com 5.1 1.4 3.6
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/errata/RHSA-2017:2930
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2931
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2918
Third Party Advisory
http://seclists.org/oss-sec/2017/q3/338
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/100466
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039221
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7558
Third Party Advisory
Issue Tracking
https://marc.info/?l=linux-netdev&m=150348777122761&w=2
Patch
Third Party Advisory
https://www.debian.org/security/2017/dsa-3981
Third Party Advisory