CVE-2021-38202

Опубликовано: 06 июл. 2021

Источник: redhat

CVSS3: 7.5

Описание

fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.

A flaw was found in Linux kernel. A remote attacker could cause a denial of service attack by sending NFS traffic when trace event framework is being used for nfsd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Отчет

There was no shipped kernel version that was seen affected by this problem.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=1992741kernel: out-of-bounds read in TRACE_EVENT() in fs/nfsd/trace.h by sending NFS traffic when the trace event framework is being used for nfsd

7.5 High

CVSS3