vulnerability
Ubuntu: (CVE-2017-7558): linux-hwe vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Jul 26, 2018 | Nov 19, 2024 | Sep 1, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Jul 26, 2018
Added
Nov 19, 2024
Modified
Sep 1, 2025
Description
A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace.
Solutions
ubuntu-upgrade-linux-azureubuntu-upgrade-linux-gcpubuntu-upgrade-linux-hweubuntu-upgrade-linux-hwe-edge
References
- CVE-2017-7558
- https://attackerkb.com/topics/CVE-2017-7558
- CWE-125
- DEBIAN-DSA-3981
- URL-http://seclists.org/oss-sec/2017/q3/338
- URL-https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/net/sctp/socket.c?id=ee6c88bb754e3d363e568da78086adfedb692447
- URL-https://marc.info/?l=linux-netdev&m=150348777122761&w=2
- URL-https://www.cve.org/CVERecord?id=CVE-2017-7558
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.