
CVE-2017-8797: nfsd: encoders mustn't use unitialized values in error cases · torvalds/linux@f961e3f

The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.

nfsd: encoders mustn’t use unitialized values in error cases

In error cases, lgp->lg_layout_type may be out of bounds; so we shouldn’t be using it until after the check of nfserr.

This was seen to crash nfsd threads when the server receives a LAYOUTGET request with a large layout type.

GETDEVICEINFO has the same problem.

Reported-by: Ari Kauppi [email protected]
Reviewed-by: Christoph Hellwig [email protected]
Cc: [email protected]
Signed-off-by: J. Bruce Fields [email protected]
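
The ordering problem the commit message describes, modelled in user-space C as an added example (not the kernel's code or the patch itself). The table, struct and function names and the status value are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* User-space model; every name below is hypothetical, not kernel code. */
#define LAYOUT_MAX  5   /* constructed size of the per-type ops table */
#define ERR_BADTYPE 1   /* constructed status for a rejected request */

struct layout_ops { int (*encode)(uint32_t type); };
static int encode_ok(uint32_t type) { (void)type; return 0; }
static const struct layout_ops block_ops = { encode_ok };

/* Sparse table indexed by layout type: only slot 1 is populated. */
static const struct layout_ops *ops_table[LAYOUT_MAX] = { [1] = &block_ops };
struct layoutget { uint32_t layout_type; };  /* value supplied by the client */

/* Processing step: rejects a bad type but leaves the field as received. */
int process(const struct layoutget *lg) {
    if (lg->layout_type >= LAYOUT_MAX || !ops_table[lg->layout_type])
        return ERR_BADTYPE;
    return 0;
}

/* Ordering before the fix: the table is indexed before status is checked, so a
 * rejected request still reads out of bounds. Contrast only; main() avoids that. */
int encode_before(int status, const struct layoutget *lg) {
    const struct layout_ops *ops = ops_table[lg->layout_type];
    if (status)
        return status;
    return ops->encode(lg->layout_type);
}

/* Ordering after the fix: the error path returns before the type is used. */
int encode_after(int status, const struct layoutget *lg) {
    if (status)
        return status;
    const struct layout_ops *ops = ops_table[lg->layout_type];
    return ops->encode(lg->layout_type);
}

/* Full request path using the corrected encoder. */
int handle(uint32_t type) {
    struct layoutget lg = { type };
    return encode_after(process(&lg), &lg);
}

int main(void) {
    printf("type 1 -> %d, type 0xffffffff -> %d\n", handle(1), handle(0xffffffffu));
    return 0;
}
```

Both encoders return the same result for a valid request; they differ only in whether a rejected request's type value is ever used as an index.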
