CVE-2017-7645 — Vulnetix

Try Vulnetix Request Demo

CVE-2017-7645 PUBLISHED

The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.

EPSS 19.99% · 95.4th percentile

Risk Scores

EPSS Score

19.99%

95.4th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	linux-aws	4.4.0-1017.26, 0, 4.4.0-1003.12
Ubuntu:24.04:LTS	linux-lowlatency-hwe-6.11	, , *
Ubuntu:16.04:LTS	linux-raspi2	4.4.0-1044.51, 4.4.0-1019.25, 4.4.0-1016.22
Ubuntu:20.04:LTS	linux-azure-fde	*, 5.4.0-1091.96+cvm1.1, 5.4.0-1090.95+cvm1.1
Ubuntu:24.04:LTS	linux-raspi-realtime	0, 6.8.0-2019.20
Ubuntu:14.04:LTS	linux	3.13.0-30.54, 3.13.0-73.116, 3.13.0-41.70
Ubuntu:24.04:LTS	linux-azure-6.11	, , *
Ubuntu:22.04:LTS	linux-realtime	0, 5.15.0-1032.35
Ubuntu:16.04:LTS	linux	4.2.0-16.19, 4.4.0-66.87, 4.4.0-65.86
Ubuntu:20.04:LTS	linux-gke	5.4.0-1071.76, 5.4.0-1067.70, 5.4.0-1066.69
Ubuntu:24.04:LTS	linux-gcp-6.11	*, 0, 6.11.0-1006.6~24.04.2
Ubuntu:24.04:LTS	linux-hwe-6.11	6.11.0-29.29~24.04.1, 6.11.0-28.28~24.04.1, 6.11.0-25.25~24.04.1
Ubuntu:20.04:LTS	linux-raspi2	5.4.0-1006.6, 5.3.0-1015.17, 5.3.0-1014.16
Ubuntu:14.04:LTS	linux-lts-xenial	0, ,
Ubuntu:22.04:LTS	linux-intel-iot-realtime	0, 5.15.0-1073.75
Ubuntu:Pro:20.04:LTS	linux-azure-fde-5.15	5.15.0-1103.112~20.04.1.1, ,
Ubuntu:16.04:LTS	linux-snapdragon	0, 4.4.0-1042.46, 4.4.0-1039.43
Ubuntu:16.04:LTS	linux-hwe	0, ,
Ubuntu:20.04:LTS	linux-riscv	5.4.0-24.28, 5.4.0-26.30, 0
Ubuntu:16.04:LTS	linux-gke	4.4.0-1013.13, 4.4.0-1005.6, 4.4.0-1003.3

…and 1 more

Timeline

Apr 18, 2017 CVE Published
Apr 14, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Jan 2, 2023 EPSS Score
Mar 5, 2023 EPSS Score
Mar 29, 2023 EPSS Score
May 8, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2017-7645 third-party-advisory
https://marc.info/?l=linux-nfs&m=149218228327497&w=2 third-party-advisory
https://marc.info/?l=linux-nfs&m=149247516212924&w=2 third-party-advisory
https://github.com/torvalds/linux/commit/e6838a29ecb484c97e4efef9429643b9851fba6e third-party-advisory
https://github.com/torvalds/linux/commit/db44bac41bbfc0c0d9dd943092d8bded3c9db19b third-party-advisory
https://github.com/torvalds/linux/commit/13bf9fbff0e5e099e2b6f003a0ab8ae145436309 third-party-advisory
https://ubuntu.com/security/notices/USN-3314-1 vendor-advisory
https://ubuntu.com/security/notices/USN-3312-1 vendor-advisory
https://ubuntu.com/security/notices/USN-3312-2 vendor-advisory
https://ubuntu.com/security/notices/USN-3361-1 vendor-advisory
https://ubuntu.com/security/notices/USN-3754-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2017-7645 third-party-advisory

Open in Interactive Console →