// For flags

CVE-2017-8797

kernel: NFSv4 server does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET operand

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.

El servidor NFSv4 en el kernel de Linux en versiones anteriores a la 4.11.3 no valida correctamente el tipo de diseño al procesar los operandos NFSv4 pNFS GETDEVICEINFO o LAYOUTGET en un paquete UDP de un atacante remoto. Este valor de tipo no se inicializa al encontrarse ciertas condiciones de error. Este valor se emplea como índice de arrays para desreferenciar, lo que conduce a un error OOPS y, finalmente, a una DoS de knfsd y a un bloqueo parcial de todo el sistema.

It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-05-05 CVE Reserved
  • 2017-07-02 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
  • CWE-129: Improper Validation of Array Index
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.0 < 4.1.40
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 4.1.40"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.2 < 4.4.70
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 4.4.70"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.5 < 4.9.30
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.30"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.11 < 4.11.3
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 4.11.3"
-
Affected