![oss-sec logo](/images/oss-sec-logo.png)
oss-sec mailing list archives
CVE-2017-7645 Linux kernel: nfsd: remote DoS
From: Ari Kauppi <Ari.Kauppi () synopsys com>
Date: Tue, 2 May 2017 12:58:22 +0000
Hi, Linux kernel NFSv3 and NFSv2 servers are vulnerable to a remote DoS attack. A specifically crafted request can overflow the request/response page array. A few distinct attack vectors exist which all lead to system hang/crash and have possibly other unspecified impact. The attack vectors require at least read access to a NFS mount on the target host. The issue has been verified to be reproducible on multiple baselines. At least 2.6.32, 3.2, 4.4, 4.8 and 4.10 baselines (and distributions derived from those) have been confirmed to be vulnerable. Fixed in 4.11 release. CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H (7.7 / High) Upstream patch: https://git.kernel.org/linus/e6838a29ecb484c97e4efef9429643b9851fba6e This issue was found by Tuomas Haanpää and Matti Kamunen from Synopsys Ltd with Synopsys Defensics fuzzer. Thanks, -- Ari Kauppi / Synopsys Ltd.
Current thread:
- CVE-2017-7645 Linux kernel: nfsd: remote DoS Ari Kauppi (May 02)