CVE-2018-16871 Information

Feb 14, 2021 cve

Description

A flaw was found in the Linux kernel’s NFS implementation all versions 3.x and all versions 4.x up to 4.20. An attacker who is able to mount an exported NFS filesystem is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://access.redhat.com/errata/RHSA-2019:2696 https://access.redhat.com/errata/RHSA-2019:2730 https://access.redhat.com/errata/RHSA-2020:0740 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16871 https://support.f5.com/csp/article/K18657134 https://support.f5.com/csp/article/K18657134?utm_source=f5support&utm_medium=RSS

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5

Share on: