CVE-2015-8746

Опубликовано: 15 авг. 2015

Источник: redhat

CVSS2: 3.8

Описание

fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic.

A NULL pointer dereference flaw was found in the Linux kernel: the NFSv4.2 migration code improperly initialized the kernel structure. A local, authenticated user could use this flaw to cause a panic of the NFS client (denial of service).

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future updates for the respective releases may address the issue.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Affected
Red Hat Enterprise Linux 7	kernel-rt	Fixed	RHSA-2016:2584	03.11.2016
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2016:2574	03.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-665

https://bugzilla.redhat.com/show_bug.cgi?id=1295802kernel: when NFSv4 migration is executed, kernel oops occurs at NFS client

3.8 Low

CVSS2

Связанные уязвимости

CVE-2015-8746

CVSS3: 7.5

ubuntu

около 9 лет назад

CVE-2015-8746

CVSS3: 7.5

nvd

около 9 лет назад

CVE-2015-8746

CVSS3: 7.5

debian

около 9 лет назад

fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 d ...

GHSA-8fjr-rrxr-cpv2

CVSS3: 7.5

github

около 3 лет назад

ELSA-2016-2574

oracle-oval

больше 8 лет назад

ELSA-2016-2574: kernel security, bug fix, and enhancement update (IMPORTANT)

3.8 Low

CVSS2