Veracode Vulnerability DatabaseVERACODE:18830Information Disclosure
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
Linux kernel is vulnerable to information disclosure attacks. A local user could exploit a flaw in the inet_diag_msg_sctpaddrs_fill(), inet_diag_msg_sctpladdrs_fill(), and sctp_get_sctp_info() functions in ‘net/sctp/sctp_diag.c’ to obtain potentially sensitive information in portions of slab memory on the target system.
References
seclists.org/oss-sec/2017/q3/338
www.securityfocus.com/bid/100466
www.securitytracker.com/id/1039221
access.redhat.com/errata/RHSA-2017:2918
access.redhat.com/errata/RHSA-2017:2930
access.redhat.com/errata/RHSA-2017:2931
access.redhat.com/security/cve/CVE-2017-7558
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1480266
bugzilla.redhat.com/show_bug.cgi?id=1489085
bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7558
marc.info/?l=linux-netdev&m=150348777122761&w=2
www.debian.org/security/2017/dsa-3981
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N