Veracode Vulnerability DatabaseVERACODE:18252Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
Linux kernel is vulnerable to denial of service (DOS) attacks. This is because the NFSv4 server in the Linux kernel does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause an application crash.
References
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b550a32e60a4941994b437a8d662432a486235a5
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f961e3f2acae94b727380c0b74e2d3954d0edf79
www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.3
www.openwall.com/lists/oss-security/2017/06/27/5
www.securityfocus.com/bid/99298
www.securitytracker.com/id/1038790
access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html
access.redhat.com/errata/RHSA-2017:1842
access.redhat.com/errata/RHSA-2017:2077
access.redhat.com/errata/RHSA-2017:2437
access.redhat.com/errata/RHSA-2017:2669
access.redhat.com/security/cve/CVE-2016-10741
access.redhat.com/security/cve/CVE-2017-2584
access.redhat.com/security/cve/CVE-2017-5551
access.redhat.com/security/cve/CVE-2017-7495
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1377840
bugzilla.redhat.com/show_bug.cgi?id=1378172
bugzilla.redhat.com/show_bug.cgi?id=1389215
bugzilla.redhat.com/show_bug.cgi?id=1400188
bugzilla.redhat.com/show_bug.cgi?id=1414052
bugzilla.redhat.com/show_bug.cgi?id=1421801
bugzilla.redhat.com/show_bug.cgi?id=1421810
bugzilla.redhat.com/show_bug.cgi?id=1425780
bugzilla.redhat.com/show_bug.cgi?id=1426661
bugzilla.redhat.com/show_bug.cgi?id=1427626
bugzilla.redhat.com/show_bug.cgi?id=1427647
bugzilla.redhat.com/show_bug.cgi?id=1427991
bugzilla.redhat.com/show_bug.cgi?id=1428890
bugzilla.redhat.com/show_bug.cgi?id=1428943
bugzilla.redhat.com/show_bug.cgi?id=1429610
bugzilla.redhat.com/show_bug.cgi?id=1429640
bugzilla.redhat.com/show_bug.cgi?id=1429951
bugzilla.redhat.com/show_bug.cgi?id=1429977
bugzilla.redhat.com/show_bug.cgi?id=1430023
bugzilla.redhat.com/show_bug.cgi?id=1430038
bugzilla.redhat.com/show_bug.cgi?id=1430074
bugzilla.redhat.com/show_bug.cgi?id=1430353
bugzilla.redhat.com/show_bug.cgi?id=1430926
bugzilla.redhat.com/show_bug.cgi?id=1430946
bugzilla.redhat.com/show_bug.cgi?id=1431104
bugzilla.redhat.com/show_bug.cgi?id=1432118
bugzilla.redhat.com/show_bug.cgi?id=1434616
bugzilla.redhat.com/show_bug.cgi?id=1438512
bugzilla.redhat.com/show_bug.cgi?id=1441552
bugzilla.redhat.com/show_bug.cgi?id=1452240
bugzilla.redhat.com/show_bug.cgi?id=1459056
bugzilla.redhat.com/show_bug.cgi?id=1466329
github.com/torvalds/linux/commit/b550a32e60a4941994b437a8d662432a486235a5
github.com/torvalds/linux/commit/f961e3f2acae94b727380c0b74e2d3954d0edf79
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C