Main Vulnerability Database SB2017062801

SB2017062801 - Denial of service in Linux kernel

Published: June 28, 2017 Updated: June 29, 2017

Security Bulletin ID SB2017062801

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Denial of service (CVE-ID: CVE-2017-8797)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the Linux kernel NFSv4 Server due to insufficient validation of user-supplied input. A remote attacker on a system within the target mount's host address mask rang can send a specially crafted NFSv4 pNFS LAYOUTGET command via UDP, trigger an array deference error and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/nfsd?h=v4.12-rc7&am...