CVE-2017-7895

kernel: NFSv3 server does not properly handle payload bounds checking of WRITE requests

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.

Las implementaciones de los servidores NFSv2 y NFSv3 en versiones del kernel de Linux 4.10.13 y anteriores, no realizan ciertas comprobaciones de la parte final de un búfer lo que permitiría a atacantes remotos desencadenar errores de aritmética de punteros o provocar otro impacto inespecífico a través de peticiones especialmente diseñadas. Relacionado con fs/nfsd/nfs3xdr.c y fs/nfsd/nfsxdr.c.

The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-04-18 CVE Reserved
2017-04-28 CVE Published
2024-08-05 CVE Updated
2025-04-24 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-125: Out-of-bounds Read

CAPEC

References (18)

URL	Tag	Source
http://www.securityfocus.com/bid/98085	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13bf9fbff0e5e099e2b6f003a0ab8ae145436309	2023-01-19
https://github.com/torvalds/linux/commit/13bf9fbff0e5e099e2b6f003a0ab8ae145436309	2023-01-19

URL	Date	SRC
http://www.debian.org/security/2017/dsa-3886	2023-01-19
https://access.redhat.com/errata/RHSA-2017:1615	2023-01-19
https://access.redhat.com/errata/RHSA-2017:1616	2023-01-19
https://access.redhat.com/errata/RHSA-2017:1647	2023-01-19
https://access.redhat.com/errata/RHSA-2017:1715	2023-01-19
https://access.redhat.com/errata/RHSA-2017:1723	2023-01-19
https://access.redhat.com/errata/RHSA-2017:1766	2023-01-19
https://access.redhat.com/errata/RHSA-2017:1798	2023-01-19
https://access.redhat.com/errata/RHSA-2017:2412	2023-01-19
https://access.redhat.com/errata/RHSA-2017:2428	2023-01-19
https://access.redhat.com/errata/RHSA-2017:2429	2023-01-19
https://access.redhat.com/errata/RHSA-2017:2472	2023-01-19
https://access.redhat.com/errata/RHSA-2017:2732	2023-01-19
https://access.redhat.com/security/cve/CVE-2017-7895	2017-09-14
https://bugzilla.redhat.com/show_bug.cgi?id=1446103	2017-09-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 3.2.89 Search vendor "Linux" for product "Linux Kernel" and version " < 3.2.89"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.3 < 3.16.44 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.16.44"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.17.0 < 4.1.40 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17.0 < 4.1.40"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.2 < 4.4.67 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 4.4.67"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.5.0 < 4.9.26 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5.0 < 4.9.26"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 4.10.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.10.14"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected