CVE-2018-16871
high-risk
Published 2019-07-30
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.
Do I need to act?
1.5% chance of exploitation in next 30 days (EPSS score, moderate exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10, High, NETWORK / LOW complexity
Affected Products (20)
Developer Tools
References (14)
Third Party Advisory: https://access.redhat.com/errata/RHSA-2019:2696
Third Party Advisory: https://access.redhat.com/errata/RHSA-2019:2730
Third Party Advisory: https://access.redhat.com/errata/RHSA-2020:0740
Issue Tracking: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16871
Third Party Advisory: https://security.netapp.com/advisory/ntap-20211004-0002/
Third Party Advisory: https://support.f5.com/csp/article/K18657134
50 / 100 high-risk
Severity: 26/34 · High
Exploitability: 4/34 · Minimal
Exposure: 20/34 · Moderate