Fedora Account System
Red Hat Associate
Red Hat Customer
The NFSv3 server in the Linux kernel does not properly handle payload bounds checking of WRITE requests, which allows remote attackers to read up to about 1 MB - 4096 bytes of kernel memory to a file. Write access to a NFS mount is required. References: http://seclists.org/oss-sec/2017/q2/196 Upstream patch: https://github.com/torvalds/linux/commit/13bf9fbff0e5e099e2b6f003a0ab8ae145436309
Acknowledgments: Name: Ari Kauppi
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1446541]
Statement: This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.
This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2017:1647 https://access.redhat.com/errata/RHSA-2017:1647
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:1615 https://access.redhat.com/errata/RHSA-2017:1615
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:1616 https://access.redhat.com/errata/RHSA-2017:1616
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.4 Advanced Update Support Via RHSA-2017:1715 https://access.redhat.com/errata/RHSA-2017:1715
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2017:1723 https://access.redhat.com/errata/RHSA-2017:1723
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Extended Update Support Via RHSA-2017:1766 https://access.redhat.com/errata/RHSA-2017:1766
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.6 Advanced Update Support Red Hat Enterprise Linux 6.6 Telco Extended Update Support Via RHSA-2017:1798 https://access.redhat.com/errata/RHSA-2017:1798
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Extended Lifecycle Support Via RHSA-2017:2412 https://access.redhat.com/errata/RHSA-2017:2412
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.7 Extended Update Support Via RHSA-2017:2429 https://access.redhat.com/errata/RHSA-2017:2429
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 Advanced Update Support Red Hat Enterprise Linux 6.5 Telco Extended Update Support Via RHSA-2017:2428 https://access.redhat.com/errata/RHSA-2017:2428
This issue has been addressed in the following products: Red Hat Enterprise Linux 5.9 Long Life Via RHSA-2017:2472 https://access.redhat.com/errata/RHSA-2017:2472
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.2 Advanced Update Support Via RHSA-2017:2732 https://access.redhat.com/errata/RHSA-2017:2732