Vulnetix
Try Vulnetix Request Demo
CVE-2017-8797 PUBLISHED

The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.

EPSS 30.42% · 96.7th percentile

Risk Scores

EPSS Score
30.42%
96.7th percentile

Affected Products

VendorProductVersions
Ubuntu:20.04:LTSlinux-raspi25.3.0-1015.17, 5.3.0-1017.19, 5.4.0-1004.4
Ubuntu:16.04:LTSlinux-gcp4.10.0-1007.7, 4.10.0-1006.6, 4.10.0-1004.4
Ubuntu:20.04:LTSlinux-gke5.4.0-1099.106, 5.4.0-1101.108, 5.4.0-1102.109
Ubuntu:16.04:LTSlinux-aws4.4.0-1013.22, 4.4.0-1016.25, 4.4.0-1017.26
Ubuntu:22.04:LTSlinux-riscv5.15.0-1004.4, 5.15.0-1028.32, 5.15.0-1027.31
Ubuntu:16.04:LTSlinux4.4.0-81.104, 4.4.0-79.100, 4.4.0-78.99
Ubuntu:20.04:LTSlinux-riscv5.4.0-26.30, 0, 5.4.0-24.28
Ubuntu:20.04:LTSlinux-azure-fde5.4.0-1069.72+cvm1.1, 5.4.0-1072.75+cvm1.1, 5.4.0-1073.76+cvm1.1
Ubuntu:22.04:LTSlinux-realtime0, 5.15.0-1032.35
Ubuntu:16.04:LTSlinux-raspi24.4.0-1027.33, 4.4.0-1021.27, 4.4.0-1023.29
Ubuntu:24.04:LTSlinux-raspi-realtime6.8.0-2019.20, 0
Ubuntu:16.04:LTSlinux-snapdragon4.4.0-1059.63, 4.4.0-1058.62, 4.4.0-1057.61
Ubuntu:14.04:LTSlinux-lts-xenial4.4.0-53.74~14.04.1, 4.4.0-75.96~14.04.1, 4.4.0-72.93~14.04.1
Ubuntu:22.04:LTSlinux-intel-iot-realtime5.15.0-1073.75, 0
Ubuntu:16.04:LTSlinux-hwe4.8.0-46.49~16.04.1, 4.8.0-45.48~16.04.1, 4.8.0-44.47~16.04.1

Timeline

References

Open in Interactive Console →