Vulnerability Details : CVE-2018-16871
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.
Vulnerability category: Memory Corruption
Products affected by CVE-2018-16871
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:mrg_realtime:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
Threat overview for CVE-2018-16871
Top countries where our scanners detected CVE-2018-16871
Top open port discovered on systems with this issue
53
IPs affected by CVE-2018-16871 673,208
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2018-16871!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2018-16871
1.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 85 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-16871
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
Red Hat, Inc. | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2018-16871
-
The product dereferences a pointer that it expects to be valid but is NULL.Assigned by:
- nvd@nist.gov (Secondary)
- secalert@redhat.com (Primary)
References for CVE-2018-16871
-
https://access.redhat.com/errata/RHSA-2020:0740
RHSA-2020:0740 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16871
1655162 – (CVE-2018-16871) CVE-2018-16871 kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequenceIssue Tracking;Third Party Advisory
-
https://support.f5.com/csp/article/K18657134?utm_source=f5support&%3Butm_medium=RSS
Linux kernel vulnerability CVE-2018-16871
-
https://support.f5.com/csp/article/K18657134
Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:2696
RHSA-2019:2696 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:2730
RHSA-2019:2730 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://security.netapp.com/advisory/ntap-20211004-0002/
CVE-2018-16871 Linux Kernel Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
Jump to