CVE-2018-16871

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.

References

https://access.redhat.com/errata/RHSA-2019:2696

https://access.redhat.com/errata/RHSA-2019:2730

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16871

https://support.f5.com/csp/article/K18657134

https://support.f5.com/csp/article/K18657134?utm_source=f5support&utm_medium=RSS

Details

Source: MITRE

Published: 2019-07-30

Updated: 2019-09-10

Type: CWE-476

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (29 total)

IDNameProductFamilySeverity
145850CentOS 8 : kernel (CESA-2020:1769)NessusCentOS Local Security Checks
critical
138766NewStart CGSL MAIN 6.01 : kernel Multiple Vulnerabilities (NS-SA-2020-0030)NessusNewStart CGSL Local Security Checks
critical
136116RHEL 8 : kernel-rt (RHSA-2020:1567)NessusRed Hat Local Security Checks
critical
136115RHEL 8 : kernel (RHSA-2020:1769)NessusRed Hat Local Security Checks
critical
134735EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2020-1269)NessusHuawei Local Security Checks
critical
134361RHEL 7 : kernel-alt (RHSA-2020:0740)NessusRed Hat Local Security Checks
high
133458Virtuozzo 7 : readykernel-patch (VZA-2019-068)NessusVirtuozzo Local Security Checks
high
133457Virtuozzo 7 : readykernel-patch (VZA-2019-064)NessusVirtuozzo Local Security Checks
high
132495NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253)NessusNewStart CGSL Local Security Checks
high
132474NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0247)NessusNewStart CGSL Local Security Checks
high
129920NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0183)NessusNewStart CGSL Local Security Checks
medium
129900NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0180)NessusNewStart CGSL Local Security Checks
medium
129284SUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)NessusSuSE Local Security Checks
high
128929EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1926)NessusHuawei Local Security Checks
critical
128854RHEL 6 : MRG (RHSA-2019:2730)NessusRed Hat Local Security Checks
high
128842EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1919)NessusHuawei Local Security Checks
high
128662RHEL 7 : kernel (RHSA-2019:2696)NessusRed Hat Local Security Checks
high
127985Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4746)NessusOracle Linux Local Security Checks
high
127726Scientific Linux Security Update : kernel on SL7.x x86_64 (20190729)NessusScientific Linux Local Security Checks
high
127623RHEL 7 : kernel-rt (RHSA-2019:1891)NessusRed Hat Local Security Checks
high
127618RHEL 7 : kernel (RHSA-2019:1873)NessusRed Hat Local Security Checks
high
127603Oracle Linux 7 : kernel (ELSA-2019-1873)NessusOracle Linux Local Security Checks
high
127469CentOS 7 : kernel (CESA-2019:1873)NessusCentOS Local Security Checks
high
126897openSUSE Security Update : the Linux Kernel (openSUSE-2019-1757)NessusSuSE Local Security Checks
high
126884openSUSE Security Update : the Linux Kernel (openSUSE-2019-1716)NessusSuSE Local Security Checks
high
126744SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1855-1) (SACK Slowness)NessusSuSE Local Security Checks
high
126741SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1851-1) (SACK Slowness)NessusSuSE Local Security Checks
high
126691SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1829-1)NessusSuSE Local Security Checks
high
126499SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1744-1)NessusSuSE Local Security Checks
high