oss-sec mailing list archives

CVE-2017-7645 Linux kernel: nfsd: remote DoS


From: Ari Kauppi <Ari.Kauppi () synopsys com>
Date: Tue, 2 May 2017 12:58:22 +0000

Hi,

Linux kernel NFSv3 and NFSv2 servers are vulnerable to a remote DoS attack.

A specifically crafted request can overflow the request/response page
array. A few distinct attack vectors exist which all lead to system hang/crash
and possibly have other unspecified impact.

The attack vectors require at least read access to an NFS mount on the target host.

The issue has been verified to be reproducible on multiple baselines. At least
2.6.32, 3.2, 4.4, 4.8 and 4.10 baselines (and distributions derived from those)
have been confirmed to be vulnerable. Fixed in the 4.11 release.

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H (7.7 / High)

Upstream patch:
https://git.kernel.org/linus/e6838a29ecb484c97e4efef9429643b9851fba6e

This issue was found by Tuomas Haanpää and Matti Kamunen from Synopsys Ltd
with Synopsys Defensics fuzzer.

Thanks,

--
Ari Kauppi / Synopsys Ltd.
