Red Hat update for Linux Kernel

Published: 2017-08-16 15:47:03 | Updated: 2017-08-16 15:58:06
Severity Medium
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2017-7895
CVSSv3 6.4 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CWE ID CWE-119
Exploitation vector Network
Public exploit Not available
Vulnerable software Red Hat Enterprise Linux
Vulnerable software versions Red Hat Enterprise Linux 5.9
Vendor URL Red Hat Inc.

Security Advisory

1) Security restrictions bypass

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to boundary error when handling a user-supplied input. A remote attacker can send a specially crafted request, trigger pointer-arithmetic errors or possibly have unspecified other impact related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.

Successful exploitation of the vulnerability results in access to the system.

Remediation

Install update from vendor's website.

External links

https://access.redhat.com/errata/RHSA-2017:2472

Back to List