Description
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.
References (7)
Core 7
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16871
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2696
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2730
Third Party Advisory x_refsource_confirm
https://support.f5.com/csp/article/K18657134
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K18657134?utm_source=f5support&%3Butm_medium=RSS
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0740
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20211004-0002/
Scores
CVSS v3
7.5
EPSS
0.0150
EPSS Percentile
81.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (22)
linux/linux_kernel
3.0 - 4.20
netapp/cloud_backup
netapp/h300e_firmware
netapp/h300s_firmware
netapp/h410c_firmware
netapp/h410s_firmware
netapp/h500e_firmware
netapp/h500s_firmware
netapp/h700e_firmware
netapp/h700s_firmware
... and 12 more
Published
Jul 30, 2019
Tracked Since
Feb 18, 2026