CVE-2018-1000028

Name of the Vulnerable Software and Affected Versions: Linux kernel versions after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+

Description: The issue is related to an Incorrect Access Control vulnerability in the NFS server (nfsd) that allows remote users to read or write files they should not be able to access via NFS. This can be exploited when the NFS server exports a filesystem with the "rootsquash" options enabled.

Recommendations: For Linux kernel versions 4.15-rc4 and later, 4.14.8 and later, 4.9.76 and later, 4.4.111 and later, update to a version that includes the fix after commit 1995266727fa to resolve the issue.