Description
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.
References (12)
Core References
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://marc.info/?l=linux-nfs&m=149247516212924&w=2
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1615
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3754-1/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1647
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1616
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1319
Patch, Third Party Advisory x_refsource_confirm
https://github.com/torvalds/linux/commit/e6838a29ecb484c97e4efef9429643b9851fba6e
Third Party Advisory x_refsource_confirm
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97950
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://marc.info/?l=linux-nfs&m=149218228327497&w=2
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2017/dsa-3886
Vendor Advisory x_refsource_confirm
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6838a29ecb484c97e4efef9429643b9851fba6e
Scores
CVSS v3: 7.5
EPSS: 0.1601
EPSS Percentile: 94.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-20
Status: published
Products (4)
canonical/ubuntu_linux 14.04
debian/debian_linux 8.0
debian/debian_linux 9.0
linux/linux_kernel < 3.2.89
Published: Apr 18, 2017
Tracked Since: Feb 18, 2026