QwikSec

Security Database

CVE

CWE

Training

CVE-2017-8797

Published: Jul 2, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.openwall.com/lists/oss-security/2017/06/27/5

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_REDHAT

https://github.com/torvalds/linux/commit/f961e3f2acae94b727380c0b74e2d3954d0edf79

x_refsource_MISC

vendor-advisory

x_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=1466329

x_refsource_MISC

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f961e3f2acae94b727380c0b74e2d3954d0edf79

x_refsource_MISC

https://github.com/torvalds/linux/commit/b550a32e60a4941994b437a8d662432a486235a5

x_refsource_MISC

vendor-advisory

x_refsource_REDHAT

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.3

x_refsource_MISC

vendor-advisory

x_refsource_REDHAT

vdb-entry

x_refsource_BID

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b550a32e60a4941994b437a8d662432a486235a5

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.