Dan Aloni

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the NFSD component in the Linux kernel, where a read operation near the OFFSET MAX value can cause a loff t overflow in the server, leading to an indefinite retry of the request by the client. The Linux NFS client does not handle the NFS error code EINVAL, which is permitted by NFS specifications for a READ operation. To resolve this, out-of-range READ requests are made to succeed and return a short result, with the EOF flag set to prevent the client from retrying the request. This behavior is consistent with Solaris NFS servers. Note that NFSv3 and NFSv4 use u64 offset values on the wire, which must be converted to loff t internally before use. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue concerns a problem in the Linux kernel where pointer dereferences occur in error cases of `rpcrdma ep create`. If failures happen, non-NULL pointers should not be left with the error value; otherwise, `rpcrdma ep destroy` gets confused and attempts to free them, resulting in an error. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.11 Description: The issue is related to a NULL pointer dereference in the `setup ntlmv2 rsp()` function, located in `fs/cifs/cifsencrypt.c`. This occurs when an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery. An attacker controlling a CIFS server can exploit this to cause a kernel panic on a client system that has the server mounted. The vulnerability allows a remote attacker to trigger a kernel panic on a vulnerable system when it connects to a controlled CIFS resource. Recommendations: For Linux kernel versions prior to 4.11, update to version 4.11 or later to resolve the issue. As a temporary workaround, consider restricting access to CIFS servers to minimize the risk of exploitation. Avoid using the `setup ntlmv2 rsp()` function until a patch is available.