Published: 18/04/2017 Updated: 17/01/2023

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 694

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel up to and including 4.10.11 allows remote malicious users to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
debian debian linux 8.0
debian debian linux 9.0
canonical ubuntu linux 14.04

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise MRG 2Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2017-7487 Li Qiang reported a reference counter leak in the ipxitf_ioctl function which may result into a use-after-free vulnerability, triggerable when a IPX interface is configured CVE ...

Several security issues were fixed in the Linux kernel ...

The NFS2/3 RPC client could send long arguments to the NFS server These encoded arguments are stored in an array of memory pages, and accessed using pointer variables Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access A remote user or program could use this flaw to crash the kern ...

CWE-20 https://marc.info/?l=linux-nfs&m=149247516212924&w=2 https://marc.info/?l=linux-nfs&m=149218228327497&w=2 http://www.securityfocus.com/bid/97950 https://github.com/torvalds/linux/commit/e6838a29ecb484c97e4efef9429643b9851fba6e https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6838a29ecb484c97e4efef9429643b9851fba6e http://www.debian.org/security/2017/dsa-3886 https://access.redhat.com/errata/RHSA-2017:1647 https://access.redhat.com/errata/RHSA-2017:1616 https://access.redhat.com/errata/RHSA-2017:1615 https://access.redhat.com/errata/RHSA-2018:1319 https://usn.ubuntu.com/3754-1/https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2017:1615 https://usn.ubuntu.com/3312-2/https://www.debian.org/security/./dsa-3886

CVE-2017-7645

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect