Tuomas Haanpää

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.10.13 **Description** The issue is related to an integer overflow in the NFSv2 and NFSv3 server implementations. It may allow a remote attacker to trigger pointer-arithmetic errors or have other unspecified impacts by sending specially crafted requests. The affected files are fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. **Recommendations** For Linux kernel versions prior to 4.10.13, update to version 4.10.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the NFSv2 and NFSv3 server implementations until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.10.11 **Description** The issue is related to the NFSv2/NFSv3 server in the nfsd subsystem, which allows remote attackers to cause a denial of service (system crash) via a long RPC reply. This is due to insufficient input validation, and it is associated with the files net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. **Recommendations** For Linux kernel versions prior to 4.10.11, update to version 4.10.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the NFSv2/NFSv3 server to minimize the risk of exploitation.