DEBIAN-CVE-2017-8797

DEBIAN-CVE-2017-8797 PUBLISHED CVSS 7.5 HIGH

The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:14	linux	0, 0, 0
Debian:11	linux	0, 0, 0
Debian:12	linux	0, 0, 0
Debian:13	linux	0, 0, 0

Timeline

Jul 2, 2017 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2017-8797 advisory

Open in Interactive Console →