Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace.
CVSS Information
N/A
Vulnerability Type
跨界内存读
Vulnerability Title
Linux kernel 缓冲区错误漏洞
Vulnerability Description
Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。 Linux kernel 4.7-rc1版本至4.13版本中的‘inet_diag_msg_sctp{,l}addr_fill()’和‘sctp_get_sctp_info()’函数存在越界读取漏洞。攻击者可利用该漏洞泄露内核数据。
CVSS Information
N/A
Vulnerability Type
N/A