VDB
CVE-2018-16871
CVE-2018-16871
PUBLISHED
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.
EPSS 1.50% · 81.5th percentile
Risk Scores
EPSS Score
1.50%
81.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | linux-oracle | 0, 4.15.0-1008.10~16.04.1, 4.15.0-1007.9~16.04.1 |
| Ubuntu:22.04:LTS | linux-intel-iot-realtime | 5.15.0-1073.75, 0 |
| Ubuntu:22.04:LTS | linux-realtime | 5.15.0-1032.35, 0 |
| Ubuntu:18.04:LTS | linux-aws | 4.15.0-1027.27, 0, 4.15.0-1001.1 |
| Ubuntu:18.04:LTS | linux | 4.15.0-43.46, 4.15.0-45.48, 4.13.0-17.20 |
| Ubuntu:18.04:LTS | linux-oem | 4.15.0-1002.3, 4.15.0-1012.15, 4.15.0-1006.9 |
| Ubuntu:18.04:LTS | linux-oracle | 0, 4.15.0-1008.10, 4.15.0-1007.9 |
| Ubuntu:16.04:LTS | linux-aws-hwe | *, 4.15.0-1032.34~16.04.1, 4.15.0-1031.33~16.04.1 |
| Ubuntu:20.04:LTS | linux-raspi2 | 5.3.0-1015.17, 5.3.0-1017.19, 5.4.0-1004.4 |
| Ubuntu:18.04:LTS | linux-kvm | 4.15.0-1016.16, 4.15.0-1017.17, 4.15.0-1020.20 |
| Ubuntu:24.04:LTS | linux-raspi-realtime | 0, 6.8.0-2019.20 |
| Ubuntu:14.04:LTS | linux-azure | 4.15.0-1023.24~14.04.1, 0, 4.15.0-1035.36~14.04.2 |
| Ubuntu:18.04:LTS | linux-hwe | 0, 4.18.0-13.14~18.04.1 |
| Ubuntu:18.04:LTS | linux-azure | 4.15.0-1022.23, 4.15.0-1021.21, 4.15.0-1019.19 |
| Ubuntu:22.04:LTS | linux-riscv | *, 5.15.0-1022.26, 5.15.0-1020.23 |
| Ubuntu:18.04:LTS | linux-gcp | 4.15.0-1003.3, 4.15.0-1001.1, 0 |
| Ubuntu:20.04:LTS | linux-riscv | 5.4.0-40.45, 0, 5.4.0-24.28 |
| Ubuntu:16.04:LTS | linux-azure | 4.13.0-1018.21, 0, 4.11.0-1009.9 |
| Ubuntu:20.04:LTS | linux-gke | 5.4.0-1078.84, 5.4.0-1076.82, 5.4.0-1074.79 |
| Ubuntu:16.04:LTS | linux-gcp | 4.13.0-1002.5, 4.13.0-1007.10, 4.13.0-1008.11 |
…and 4 more
Timeline
- Jul 19, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 11, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-16871 third-party-advisory
- https://git.kernel.org/linus/01310bb7c9c98752cc763b36532fab028e0f8f81 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-16871 third-party-advisory