CVE-2017-7895

NameCVE-2017-7895
DescriptionThe NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-993-1, DSA-3886-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)bullseye (security), bullseye5.10.223-1fixed
bookworm6.1.106-3fixed
bookworm (security)6.1.112-1fixed
trixie6.10.11-1fixed
sid6.10.12-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcewheezy3.2.89-1DLA-993-1
linuxsourcejessie3.16.43-2+deb8u1DSA-3886-1
linuxsource(unstable)4.9.25-1

Notes

Fixed by: https://git.kernel.org/linus/13bf9fbff0e5e099e2b6f003a0ab8ae145436309

Search for package or bug name: Reporting problems