A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-07-26T15:00:00

Updated: 2024-08-05T16:04:12.011Z

Reserved: 2017-04-05T00:00:00

Link: CVE-2017-7558

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-07-26T15:29:00.357

Modified: 2024-11-21T03:32:09.810

Link: CVE-2017-7558

cve-icon Redhat

Severity : Moderate

Publid Date: 2017-08-23T00:00:00Z

Links: CVE-2017-7558 - Bugzilla