Improper resource shutdown or release in Linux kernel - CVE-2017-9059

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU92432

Improper resource shutdown or release in Linux kernel - CVE-2017-9059

Published: May 18, 2017 / Updated: October 3, 2019


Vulnerability identifier: #VU92432
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-9059
CWE-ID: CWE-404
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper resource shutdown or release error within the svc_rdma_destroy_ctxts(), svc_rdma_wc_send(), rdma_create_xprt(), svc_rdma_accept() and __svc_rdma_free() functions in net/sunrpc/xprtrdma/svc_rdma_transport.c, within the xdr_padsize(), svc_rdma_get_write_arrays(), svc_rdma_prep_reply_hdr() and svc_rdma_sendto() functions in net/sunrpc/xprtrdma/svc_rdma_sendto.c, within the rdma_read_complete() and svc_rdma_recvfrom() functions in net/sunrpc/xprtrdma/svc_rdma_recvfrom.c, within the dprintk() function in net/sunrpc/xprtrdma/svc_rdma_marshal.c, within the svc_rdma_handle_bc_reply(), svc_rdma_send() and svc_rdma_bc_sendto() functions in net/sunrpc/xprtrdma/svc_rdma_backchannel.c, within the svc_rdma_init() function in net/sunrpc/xprtrdma/svc_rdma.c, within the rpcrdma-$() function in net/sunrpc/xprtrdma/makefile, within the svc_create_pooled() and svc_set_num_threads() functions in net/sunrpc/svc.c, within the nfsd_cross_mnt() and nfsd_lookup_parent() functions in fs/nfsd/vfs.c, within the nfssvc_decode_readargs(), nfssvc_decode_readlinkargs() and nfssvc_decode_readdirargs() functions in fs/nfsd/nfsxdr.c, within the nfsd4_encode_getdeviceinfo() and nfsd4_encode_layoutget() functions in fs/nfsd/nfs4xdr.c, within the copy_clid() function in fs/nfsd/nfs4state.c, within the nfsd4_layout_verify() function in fs/nfsd/nfs4proc.c, within the nfs3svc_decode_readargs(), nfs3svc_decode_readlinkargs(), nfs3svc_decode_readdirargs() and nfs3svc_decode_readdirplusargs() functions in fs/nfsd/nfs3xdr.c, within the nfs4_callback_svc(), nfs41_callback_svc(), defined() and nfs_callback_create_svc() functions in fs/nfs/callback.c, within the nlmsvc_grant_reply() function in fs/lockd/svclock.c, within the lockd() and lockd_down_net() functions in fs/lockd/svc.c. A local user can perform a denial of service (DoS) attack.


How to mitigate CVE-2017-9059

Install update from vendor's repository.

Sources