CVE-2017-8797
kernel: NFSv4 server does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET operand
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.
El servidor NFSv4 en el kernel de Linux en versiones anteriores a la 4.11.3 no valida correctamente el tipo de diseño al procesar los operandos NFSv4 pNFS GETDEVICEINFO o LAYOUTGET en un paquete UDP de un atacante remoto. Este valor de tipo no se inicializa al encontrarse ciertas condiciones de error. Este valor se emplea como índice de arrays para desreferenciar, lo que conduce a un error OOPS y, finalmente, a una DoS de knfsd y a un bloqueo parcial de todo el sistema.
It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-05-05 CVE Reserved
- 2017-07-02 CVE Published
- 2023-10-06 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-129: Improper Validation of Array Index
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/99298 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038790 | Broken Link |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.3 | 2023-02-03 | |
| https://access.redhat.com/errata/RHSA-2017:1842 | 2023-02-03 | |
| https://access.redhat.com/errata/RHSA-2017:2077 | 2023-02-03 | |
| https://access.redhat.com/errata/RHSA-2017:2437 | 2023-02-03 | |
| https://access.redhat.com/errata/RHSA-2017:2669 | 2023-02-03 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1466329 | 2017-09-06 | |
| https://access.redhat.com/security/cve/CVE-2017-8797 | 2017-09-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.0 < 4.1.40 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 4.1.40" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.2 < 4.4.70 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 4.4.70" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.30 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.30" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.11 < 4.11.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 4.11.3" | - |
Affected
| ||||||