CLD-40 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-7558 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) linux
Deficiency Type SECURITY
Date Created 2017-09-20 11:27:30
Date Last Modified 2017-09-20 13:20:18

Version Specific Information:

Cucumber 1.0 i686 fixed in linux-4.9.51-i686-1
Cucumber 1.0 x86_64 fixed in linux-4.9.51-x86_64-1

Cucumber 1.1 i686 fixed in linux-4.9.51-i686-1
Cucumber 1.1 x86_64 fixed in linux-4.9.51-x86_64-1

Details:

From https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.51:
    inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() copy
    sizeof(sockaddr_storage) bytes to fill in sockaddr structs used
    to export diagnostic information to userspace.
    
    However, the memory allocated to store sockaddr information is
    smaller than that and depends on the address family, so we leak
    up to 100 uninitialized bytes to userspace. Just use the size of
    the source structs instead, in all the three cases this is what
    userspace expects. Zero out the remaining memory.
    
    Unused bytes (i.e. when IPv4 addresses are used) in source
    structs sctp_sockaddr_entry and sctp_transport are already
    cleared by sctp_add_bind_addr() and sctp_transport_new(),
    respectively.
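The changelog above describes a size mismatch: the source address union holds at most a sockaddr_in6, but the copy length was sizeof(struct sockaddr_storage), so the extra bytes came from whatever memory followed the source struct. The following user-space C program is an added illustration, not kernel code and not part of the CLD-40 record: it models the source as a union of sockaddr_in/sockaddr_in6 (a stand-in for the kernel's address union), places marker bytes directly after it to represent neighbouring slab data, and shows the over-sized copy beside the fixed pattern (copy only the source size, then zero the remainder of the destination). The struct and function names are invented for the example; the 10.0.0.1 address and 0xAA marker are constructed test data.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Stand-in for the kernel's address union: at most a sockaddr_in6 (28 bytes
 * on Linux), far smaller than sockaddr_storage (128 bytes). */
union sctp_addr_like {
    struct sockaddr_in  v4;
    struct sockaddr_in6 v6;
};

/* Hypothetical container: the address is immediately followed by unrelated
 * data, standing in for whatever the allocator placed next to it. */
struct addr_entry {
    union sctp_addr_like addr;
    unsigned char neighbor[sizeof(struct sockaddr_storage) - sizeof(union sctp_addr_like)];
};

/* Number of bytes the buggy copy reads past the end of the source (100 on Linux). */
size_t overread_bytes(void)
{
    return sizeof(struct sockaddr_storage) - sizeof(union sctp_addr_like);
}

/* Buggy pattern: copies sizeof(sockaddr_storage) bytes from a 28-byte source.
 * The void pointer keeps the compiler from warning about the member bound;
 * the read stays inside struct addr_entry here, but in the kernel it ran
 * into adjacent slab memory. */
void fill_addr_vulnerable(struct sockaddr_storage *dst, const struct addr_entry *e)
{
    const void *src = &e->addr;
    memcpy(dst, src, sizeof(*dst));
}

/* Fixed pattern, as the 4.9.51 change describes: copy only the source size
 * and zero the rest of the destination before it is exported. */
void fill_addr_fixed(struct sockaddr_storage *dst, const struct addr_entry *e)
{
    memcpy(dst, &e->addr, sizeof(e->addr));
    memset((unsigned char *)dst + sizeof(e->addr), 0, sizeof(*dst) - sizeof(e->addr));
}

/* Count bytes past the real address payload that carry the marker value
 * planted in the neighbouring memory, i.e. bytes that would be leaked. */
size_t leaked_marker_bytes(const struct sockaddr_storage *dst, unsigned char marker)
{
    const unsigned char *p = (const unsigned char *)dst;
    size_t n = 0;
    for (size_t i = sizeof(union sctp_addr_like); i < sizeof(*dst); i++)
        if (p[i] == marker)
            n++;
    return n;
}

/* Build a constructed entry (IPv4 address followed by marker bytes), run the
 * chosen copy routine and return how many marker bytes ended up in the output. */
size_t leak_with(int use_fixed)
{
    struct addr_entry e;
    struct sockaddr_storage out;
    const unsigned char marker = 0xAA;

    memset(&e, 0, sizeof(e));
    e.addr.v4.sin_family = AF_INET;
    e.addr.v4.sin_port = htons(9899);               /* constructed port */
    e.addr.v4.sin_addr.s_addr = htonl(0x0A000001);  /* 10.0.0.1, constructed */
    memset(e.neighbor, marker, sizeof(e.neighbor)); /* "adjacent slab data" */
    memset(&out, 0x55, sizeof(out));                /* destination not pre-zeroed */

    if (use_fixed)
        fill_addr_fixed(&out, &e);
    else
        fill_addr_vulnerable(&out, &e);
    return leaked_marker_bytes(&out, marker);
}

int main(void)
{
    printf("copy length mismatch: %zu bytes read past the source\n", overread_bytes());
    printf("marker bytes leaked, buggy copy: %zu\n", leak_with(0));
    printf("marker bytes leaked, fixed copy: %zu\n", leak_with(1));
    return 0;
}
```

The 100-byte figure falls directly out of sizeof(struct sockaddr_storage) minus sizeof(struct sockaddr_in6) on Linux; the zeroing step in the fixed routine matters because the destination is not guaranteed to be clean either, so copying the right length alone would still export stale bytes.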