DEBIAN-CVE-2017-8797

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2017-8797

Published: 02 Jul 2017, 17:29

Last modified:28 Apr 2026, 20:17

Vulnerability Summary

Overall Risk (default)

medium

30/100

CVSS Score

7.5 HIGH

3.1 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

02 Jul 2017, 17:29

Published

Vulnerability first disclosed

28 Apr 2026, 20:17

Last Modified

Vulnerability information updated

Description

The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.

CVSS Metrics

v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Systems

debian•linux
< 4.9.30-1 | < 4.9.30-1 | < 4.9.30-1 | < 4.9.30-1

References (1)

https://security-tracker.debian.org/tracker/CVE-2017-8797