PT-2018-2892 · Linux +4 · Linux Kernel +4

Hangbin Liu +2 · Published 2018-11-08 · Updated 2023-02-12 · CVE-2018-16871

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 3.x through 4.20

Description

A flaw was found in the Linux kernel's NFS implementation. An attacker who is able to mount an exported NFS filesystem can trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server, resulting in the loss of any outstanding disk writes to the NFS server.

Recommendations

For Linux kernel versions 3.x through 4.20, consider disabling the NFS implementation until a patch is available to prevent exploitation. Restrict access to the NFS server to minimize the risk of denial of service. Avoid using invalid NFS sequences in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1139
ALT-PU-2019-1363
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2019-02456
CESA-2019_1873
CESA-2020_1567
CESA-2020_1769
CVE-2018-16871
OPENSUSE-SU-2019:1716-1
OPENSUSE-SU-2019:1757-1
OPENSUSE-SU-2019_1716-1
OPENSUSE-SU-2019_1757-1
RHSA-2019:1873
RHSA-2019:1891
RHSA-2019:2696
RHSA-2019:2730
RHSA-2019_1873
RHSA-2019_1891
RHSA-2020:0740
RHSA-2020:1567
RHSA-2020:1769
RHSA-2020_1567
RHSA-2020_1769
SUSE-SU-2019:1744-1
SUSE-SU-2019:1829-1
SUSE-SU-2019:1851-1
SUSE-SU-2019:1855-1
SUSE-SU-2019:2069-1
SUSE-SU-2019:2430-1
SUSE-SU-2019:2450-1
SUSE-SU-2019:3223-1
SUSE-SU-2019:3246-1
SUSE-SU-2019:3252-1
SUSE-SU-2019_1744-1
SUSE-SU-2019_1829-1
SUSE-SU-2019_1851-1
SUSE-SU-2019_1855-1
SUSE-SU-2019_2069-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse