CVE-2017-7895
CRITICAL EPSS 95.3%
Published Apr 28, 20179y ago · Modified Jun 17, 20262w ago
9.8 CVSS 3.1
Published Apr 28, 2017 9y ago
Last Modified Jun 17, 2026 2w ago
Description
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
95.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Memory Safety
Affected Products 8
References 16
- debian.org http://www.debian.org/security/2017/dsa-3886
- securityfocus.com http://www.securityfocus.com/bid/98085
- access.redhat.com https://access.redhat.com/errata/RHSA-2017:1615
- access.redhat.com https://access.redhat.com/errata/RHSA-2017:1616
- access.redhat.com https://access.redhat.com/errata/RHSA-2017:1647
- access.redhat.com https://access.redhat.com/errata/RHSA-2017:1715
- access.redhat.com https://access.redhat.com/errata/RHSA-2017:1723
- access.redhat.com https://access.redhat.com/errata/RHSA-2017:1766
- access.redhat.com https://access.redhat.com/errata/RHSA-2017:1798
- access.redhat.com https://access.redhat.com/errata/RHSA-2017:2412
- access.redhat.com https://access.redhat.com/errata/RHSA-2017:2428
- access.redhat.com https://access.redhat.com/errata/RHSA-2017:2429
- access.redhat.com https://access.redhat.com/errata/RHSA-2017:2472
- access.redhat.com https://access.redhat.com/errata/RHSA-2017:2732
- git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13bf9fbff0e5e099e2b6f003a0ab8ae145436309
- github.com https://github.com/torvalds/linux/commit/13bf9fbff0e5e099e2b6f003a0ab8ae145436309
Remediation
- git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13bf9fbff0e5e099e2b6f003a0ab8ae145436309
- github.com https://github.com/torvalds/linux/commit/13bf9fbff0e5e099e2b6f003a0ab8ae145436309