Impact: Moderate Public Date: 2019-06-03 CWE: CWE-476 Bugzilla: 1655162: CVE-2018-16871 kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence A flaw was found in the Linux kernel's NFS implementation. An attacker who is able to mount an exported NFS filesystem is able to trigger a null pointer dereference by an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.
Find out more about CVE-2018-16871 from the MITRE CVE dictionary dictionary and NIST NVD.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 7.5 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity Impact | None |
| Availability Impact | High |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise MRG 2 | kernel-rt | Affected |
| Red Hat Enterprise Linux 8 | kernel | Affected |
| Red Hat Enterprise Linux 8 | kernel-rt | Affected |
| Red Hat Enterprise Linux 7 | kernel-alt | Affected |
| Red Hat Enterprise Linux 7 | kernel | Affected |
| Red Hat Enterprise Linux 7 | kernel-rt | Affected |
| Red Hat Enterprise Linux 6 | kernel | Not affected |
| Red Hat Enterprise Linux 5 | kernel | Not affected |
Vulmon