CVE-2017-8797

CVSS v3.1 7.5 (High)

CVSS v2.0 7.8 (High)

EPSS 87.41 % (99^th)

Affected Products 1

Advisories 13

The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.

Weaknesses

CWE-129: Improper Validation of Array Index

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2017-07-02 17:29:00
(7 years ago)
Updated Date: 2023-02-03 02:02:19
(19 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 4.0 version and prior 4.1.40 version	cpe:2.3:o:linux:linux_kernel	>= 4.0	< 4.1.40
Linux Kernel from 4.2 version and prior 4.4.70 version	cpe:2.3:o:linux:linux_kernel	>= 4.2	< 4.4.70
Linux Kernel from 4.5 version and prior 4.9.30 version	cpe:2.3:o:linux:linux_kernel	>= 4.5	< 4.9.30
Linux Kernel from 4.11 version and prior 4.11.3 version	cpe:2.3:o:linux:linux_kernel	>= 4.11	< 4.11.3