|
|
|||
| Rule General Information |
|---|
| Release Date: | 2018-01-09 | |
| Rule Name: | PROTOCOL-NFS Linux Kernel NFSv4 nfsd PNFS denial of Service Vulnerability - 3 (CVE-2017-8797) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system. | |
| Impact: | An attacker can launch a denial of service attack by exploiting the vulnerability successfully. | |
| Affected OS: | Linux | |
| Reference: | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b550a32e60a4941994b437a8d662432a486235a5 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f961e3f2acae94b727380c0b74e2d3954d0edf79 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.3 SecurityFocusBID:99298 SecurityTrackerID:1038790 |
|
| Solutions |
|---|
| A source code fix has been released for update. For more information, please visit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/nfsd?h=v4.12-rc7&id=b550a32e60a4941994b437a8d662432a486235a5 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/nfsd?h=v4.12-rc7&id=f961e3f2acae94b727380c0b74e2d3954d0edf79 |