Описание
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.
A flaw was found in the NFSv4 implementation where when mounting a remote attacker controlled server it could return specially crafted response allow for local memory corruption and possibly privilege escalation.
Меры по смягчению последствий
While there is no known mitigation to this flaw, configuring authentication and only mounting authenticated NFSv4 servers will significantly reduce the risk of this flaw being successfully exploited.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | ||
| Red Hat Enterprise MRG 2 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2020:5441 | 15.12.2020 |
| Red Hat Enterprise Linux 7 | kernel-alt | Fixed | RHSA-2020:4279 | 19.10.2020 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2020:5437 | 15.12.2020 |
| Red Hat Enterprise Linux 7.4 Advanced Update Support | kernel | Fixed | RHSA-2021:0760 | 09.03.2021 |
| Red Hat Enterprise Linux 7.4 Telco Extended Update Support | kernel | Fixed | RHSA-2021:0760 | 09.03.2021 |
| Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions | kernel | Fixed | RHSA-2021:0760 | 09.03.2021 |
| Red Hat Enterprise Linux 7.6 Extended Update Support | kernel | Fixed | RHSA-2021:0878 | 16.03.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
7 High
CVSS3
Связанные уязвимости
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5. ...
Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP2)
EPSS
7 High
CVSS3