Main Vulnerability Database SB2017082404

SB2017082404 - Information disclosure in Linux Kernel

Published: August 24, 2017

Security Bulletin ID SB2017082404

Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds read (CVE-ID: CVE-2017-7558)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The weakness exists due to put-of-bounds read in the inet_diag_msg_sctpaddrs_fill(), inet_diag_msg_sctpladdrs_fill(), and sctp_get_sctp_info() functions in 'net/sctp/sctp_diag.c'. A local attacker can gain access to important data in portions of slab memory on the target system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://marc.info/?l=linux-netdev&m=150348777122761&w=2