PT-2017-4330 · Linux+3 · Linux Kernel+3

Ari Kauppi

Publicado

2017-03-17

Atualizado

2023-02-03

CVE-2017-8797

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.11.3

Description: The issue is related to the NFSv4 server in the Linux kernel, which does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This can lead to a denial of service (DoS) of knfsd and a soft-lockup of the whole system. The vulnerability is caused by the lack of validation of user data when handling GETDEVICEINFO and LAYOUTGET operands in UDP packets.

Recommendations: For Linux kernel versions prior to 4.11.3, update to version 4.11.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the NFSv4 server to minimize the risk of exploitation.

Exploit

Correção

DoS

Improper Validation of Array Index

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-129

Identificadores relacionados

ALT-PU-2017-1299

ALT-PU-2017-1661

BDU:2024-03778

CESA-2017_1842

CVE-2017-8797

RHSA-2017:1842

RHSA-2017:2077

RHSA-2017:2437

RHSA-2017:2669

RHSA-2017_1842

RHSA-2017_2077

SUSE-SU-2017:2043-1

SUSE-SU-2017:2046-1

SUSE-SU-2017:2062-1

SUSE-SU-2017:2063-1

SUSE-SU-2017:2064-1

SUSE-SU-2017:2065-1

SUSE-SU-2017:2066-1

SUSE-SU-2017:2067-1

SUSE-SU-2017:2068-1

SUSE-SU-2017:2070-1

Produtos afetados

Alt Linux

Centos

Linux Kernel

Red Hat

PT-2017-4330 · Linux+3 · Linux Kernel+3

CVE-2017-8797

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 64