CVE-2017-8797
CVSS v3.1
7.5 (High)
CVSS v2.0
7.8 (High)
EPSS
87.41 % (99th)
Affected Products
1
Advisories
13
The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.
Weaknesses
- CWE-129
- Improper Validation of Array Index
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2017-07-02 17:29:00
(7 years ago) - Updated Date
-
2023-02-03 02:02:19
(19 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...