PT-2018-2892 · Linux+4 · Linux Kernel+4
Hangbin Liu +2 · Published 2018-11-08 · Updated 2023-02-12 · CVE-2018-16871
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 3.x through 4.20
Description
A flaw was found in the Linux kernel's NFS implementation. An attacker who is able to mount an exported NFS filesystem can trigger a NULL pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server, resulting in the loss of any outstanding disk writes to the NFS server.
Recommendations
To prevent exploitation on Linux kernel versions 3.x through 4.20, consider disabling the NFS implementation until a patch is available. Restrict access to the NFS server to minimize the risk of denial of service. Avoid using invalid NFS sequences in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
ALT Linux
CentOS
Linux Kernel
Red Hat
SUSE