This security bulletin contains one medium risk vulnerability.
CWE-119 - Memory corruption
Exploit availability: NoDescription
The vulnerability allows a remote attacker to perform a denial of service attacl.
The vulnerability exists due to a boundary error within the Linux kernel NFSD implementation. A remote attacker can send the RPC message over TCP with garbage data added at the end of the message, trigger memory corruption and perform a denial of service (DoS) attack.
Install updates from vendor's website.Vulnerable software versions
Linux kernel: before 6.0.2
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?