cbcvebase.
CVE-2017-7895
published 2017-04-28


Priority P351 | critical 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 10.81% (95.3th percentile)

The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.

Affected

15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | linux | < linux 4.9.25-1 (bookworm) | linux 4.9.25-1 (bookworm) |
| linux | linux_kernel | < 3.2.89 | 3.2.89 |
| linux | linux_kernel | >= 0 < 4.9.25-1 | 4.9.25-1 |
| linux | linux_kernel | >= 0 < 4.9.25-1 | 4.9.25-1 |
| linux | linux_kernel | >= 0 < 4.9.25-1 | 4.9.25-1 |
| linux | linux_kernel | >= 0 < 4.9.25-1 | 4.9.25-1 |
| linux | linux_kernel | >= 0 < 3.13.0-125.174 | 3.13.0-125.174 |
| linux | linux_kernel | >= 0 < 4.4.0-79.100 | 4.4.0-79.100 |
| linux | linux_kernel | >= 3.17.0 < 4.1.40 | 4.1.40 |
| linux | linux_kernel | >= 3.3 < 3.16.44 | 3.16.44 |
| linux | linux_kernel | >= 4.10 < 4.10.14 | 4.10.14 |
| linux | linux_kernel | >= 4.2 < 4.4.67 | 4.4.67 |
| linux | linux_kernel | >= 4.5.0 < 4.9.26 | 4.9.26 |

CVSS provenance

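| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | CRITICAL | |
| vendor_redhat | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 5.5 | MEDIUM | |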