Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2017-7558

Published: 26/07/2018 Updated: 12/02/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Linux Kernel

Vulnerability Summary

A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel 4.7

linux linux kernel

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Debian CVElist Bug Report Logs: linux: CVE-2017-1000251
Debian Bug report logs - #875881 linux: CVE-2017-1000251 Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Reported by: Christoph Anton Mitterer <calestyo@scientianet> Date: Fri, 15 Sep 2017 14:42:01 UTC Severity: critical Tags: confirmed, fixed-upstream, security, ...
Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise MRG 2Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...
Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Debian Security Advisories: DSA-3981-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks CVE-2017-7518 Andy Lutomirski discovered that KVM is prone to an incorrect debug exception (#DB) error occurring while emulating a syscall instruction A process inside a guest can take advanta ...
Amazon Linux AMI: ALAS-2017-901
A buffer overflow was discovered in tpacket_rcv() function in the Linux kernel since v46-rc1 through v413 A number of socket-related syscalls can be made to set up a configuration when each packet received by a network interface can cause writing up to 10 bytes to a kernel memory outside of a kernel buffer This can cause unspecified kernel data ...
Red Hat: CVE-2017-7558
A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 47-rc1 through version 413 A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information As a result, up to 100 byte ...

Exploits

Exploit DB: Linux Kernel 4.8 (Ubuntu 16.04) sctp Kernel Pointer Leak
Linux Kernel version 48 on Ubuntu 1604 suffers from an sctp kernel pointer leak vulnerability ...

Github Repositories

https://github.com/r3dxpl0it/Extreme-Exploit

An Directory For Archiving Non-Robust Exploits, Exploit Samples and Malware Samples/Parts

Extreme-Exploit An Directory For Archiving Non-Robust Exploits But Tested or Approved or Used ! Some Exploit May Have been written By Others and some minor/major changes applied to them List Of Exploits CVE-2017-7558 Linux Kernel version 48 on Ubuntu 1604 suffers from an sctp kernel pointer leak vulnerability

References

CWE-125https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7558http://seclists.org/oss-sec/2017/q3/338https://marc.info/?l=linux-netdev&m=150348777122761&w=2https://www.debian.org/security/2017/dsa-3981https://access.redhat.com/errata/RHSA-2017:2931https://access.redhat.com/errata/RHSA-2017:2930https://access.redhat.com/errata/RHSA-2017:2918http://www.securitytracker.com/id/1039221http://www.securityfocus.com/bid/100466https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875881https://github.com/r3dxpl0it/Extreme-Exploithttps://access.redhat.com/errata/RHSA-2017:2918https://www.debian.org/security/./dsa-3981
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700CVE-2022-48689CVE-2024-27956CVE-2023-6363SQLNULL pointer dereferenceCVE-2023-41830CVE-2015-2051arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook