NFS: Linux Kernel NFSv4 nfsd PNFS Denial of Service
This signature detects attempts to exploit a known vulnerability in the NFSv4 component of the Linux Kernel. Successful exploitation will result in a denial-of-service condition.
Extended Description
The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.
Affected Products
Linux linux_kernel
Short Name
NFS:LINUX-NFS-DOS
Severity
Major
Recommended
True
Recommended Action
Drop
Category
NFS
Keywords
CVE-2017-8797 Denial Kernel Linux NFSv4 PNFS Service bid:99298 nfsd of
Release Date
10/04/2017
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3337
False Positive
Unknown
Vendors
Linux
CVSS Score
7.8