Denial of service in Linux kernel - CVE-2017-8797
Published: June 28, 2017 / Updated: June 29, 2017
Vulnerability identifier: #VU7213
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-8797
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the Linux kernel NFSv4 Server due to insufficient validation of user-supplied input. A remote attacker on a system within the target mount's host address mask rang can send a specially crafted NFSv4 pNFS LAYOUTGET command via UDP, trigger an array deference error and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
The weakness exists in the Linux kernel NFSv4 Server due to insufficient validation of user-supplied input. A remote attacker on a system within the target mount's host address mask rang can send a specially crafted NFSv4 pNFS LAYOUTGET command via UDP, trigger an array deference error and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
How to mitigate CVE-2017-8797
Install update from vendor's website.