Medium severity5.1NVD Advisory· Published Jul 26, 2018· Updated Jun 17, 2026
CVE-2017-7558
CVE-2017-7558
Description
A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
9- marc.infonvdPatchThird Party Advisory
- seclists.org/oss-sec/2017/q3/338nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/100466nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1039221nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2017:2918nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2017:2930nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2017:2931nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- www.debian.org/security/2017/dsa-3981nvdThird Party Advisory
News mentions
0No linked articles in our index yet.