Vulnerability Details : CVE-2017-7645
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2017-7645
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-7645
16.01%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-7645
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST | |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2017-7645
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-7645
-
https://usn.ubuntu.com/3754-1/
USN-3754-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:1647
RHSA-2017:1647 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:1615
RHSA-2017:1615 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://marc.info/?l=linux-nfs&m=149247516212924&w=2
'Re: [PATCH] nfsd: check for oversized NFSv2/v3 arguments' - MARCMailing List;Patch;Third Party Advisory
-
http://www.debian.org/security/2017/dsa-3886
Debian -- Security Information -- DSA-3886-1 linuxThird Party Advisory
-
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
Security fixes in StruxureWare Data Center Expert v7.6.0 - User assistance for StruxureWare Data Center Expert 7.x - Help Center: Support for EcoStruxure IT, StruxureWare for Data Centers, and NetBotzThird Party Advisory
-
http://www.securityfocus.com/bid/97950
Linux Kernel CVE-2017-7645 Multiple Denial of Service VulnerabilitiesThird Party Advisory;VDB Entry
-
https://marc.info/?l=linux-nfs&m=149218228327497&w=2
'[PATCH] nfsd: check for oversized NFSv2/v3 arguments' - MARCMailing List;Patch;Third Party Advisory
-
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6838a29ecb484c97e4efef9429643b9851fba6e
kernel/git/torvalds/linux.git - Linux kernel source treeVendor Advisory
-
https://access.redhat.com/errata/RHSA-2017:1616
RHSA-2017:1616 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:1319
RHSA-2018:1319 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://github.com/torvalds/linux/commit/e6838a29ecb484c97e4efef9429643b9851fba6e
nfsd: check for oversized NFSv2/v3 arguments · torvalds/linux@e6838a2 · GitHubPatch;Third Party Advisory
Jump to