The NFSv3 server in the Linux kernel does not properly handle payload bounds checking of WRITE requests, which allows remote attackers to read up to about 1 MB - 4096 bytes of kernel memory to a file. Write access to an NFS mount is required.
References: http://seclists.org/oss-sec/2017/q2/196
Upstream patch: https://github.com/torvalds/linux/commit/13bf9fbff0e5e099e2b6f003a0ab8ae145436309
Acknowledgments: Name: Ari Kauppi
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1446541]
Statement: This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.
This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2017:1647 https://access.redhat.com/errata/RHSA-2017:1647
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:1615 https://access.redhat.com/errata/RHSA-2017:1615
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:1616 https://access.redhat.com/errata/RHSA-2017:1616
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.4 Advanced Update Support Via RHSA-2017:1715 https://access.redhat.com/errata/RHSA-2017:1715
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2017:1723 https://access.redhat.com/errata/RHSA-2017:1723
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Extended Update Support Via RHSA-2017:1766 https://access.redhat.com/errata/RHSA-2017:1766
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support Via RHSA-2017:1798 https://access.redhat.com/errata/RHSA-2017:1798
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Extended Lifecycle Support Via RHSA-2017:2412 https://access.redhat.com/errata/RHSA-2017:2412
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.7 Extended Update Support Via RHSA-2017:2429 https://access.redhat.com/errata/RHSA-2017:2429
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support Via RHSA-2017:2428 https://access.redhat.com/errata/RHSA-2017:2428
This issue has been addressed in the following products: Red Hat Enterprise Linux 5.9 Long Life Via RHSA-2017:2472 https://access.redhat.com/errata/RHSA-2017:2472
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.2 Advanced Update Support Via RHSA-2017:2732 https://access.redhat.com/errata/RHSA-2017:2732
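The kind of payload bounds check the description at the top of this report says was missing, as an added user-space example; it is not the upstream patch and not kernel code. The `WRITE3args` field order follows RFC 1813, while `decode_write3`, `build_sample`, `struct write3` and the sample message are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NFS3_FHSIZE 64 /* RFC 1813 maximum file handle length */
struct write3 { uint64_t offset; uint32_t count; const uint8_t *data; };

/* Read one big-endian XDR word, refusing to step past the received bytes. */
static int get_u32(const uint8_t *b, size_t len, size_t *pos, uint32_t *v)
{
    if (len - *pos < 4) return -1;            /* invariant: *pos <= len */
    *v = (uint32_t)b[*pos] << 24 | (uint32_t)b[*pos + 1] << 16 |
         (uint32_t)b[*pos + 2] << 8 | b[*pos + 3];
    *pos += 4;
    return 0;
}

/* Decode WRITE3args; 0 on success, -1 if any field runs past the buffer. */
int decode_write3(const uint8_t *b, size_t len, struct write3 *w)
{
    size_t pos = 0;
    uint32_t fhlen, hi, lo, stable, dlen;

    if (get_u32(b, len, &pos, &fhlen) || fhlen > NFS3_FHSIZE) return -1;
    size_t fhpad = (fhlen + 3u) & ~(size_t)3; /* XDR pads opaques to 4 bytes */
    if (len - pos < fhpad) return -1;
    pos += fhpad;
    if (get_u32(b, len, &pos, &hi) || get_u32(b, len, &pos, &lo) ||
        get_u32(b, len, &pos, &w->count) || get_u32(b, len, &pos, &stable) ||
        get_u32(b, len, &pos, &dlen)) return -1;
    /* Declared lengths must be backed by bytes that actually arrived;
     * the padded length is computed in 64 bits so it cannot wrap. */
    uint64_t need = ((uint64_t)dlen + 3) & ~(uint64_t)3;
    if (w->count > dlen || need > len - pos) return -1;
    w->offset = (uint64_t)hi << 32 | lo;
    w->data = b + pos;
    return 0;
}

/* Constructed sample: 8-byte handle, offset 0, `declared` used as count and
 * data length, then only `actual` payload bytes. Returns the message size. */
size_t build_sample(uint8_t *out, uint32_t declared, uint32_t actual)
{
    uint32_t words[] = { 8, 0, 0, 0, 0, declared, 0, declared };
    size_t n = 0;
    for (size_t i = 0; i < 8; i++)
        for (int s = 24; s >= 0; s -= 8) out[n++] = (uint8_t)(words[i] >> s);
    size_t pad = ((size_t)actual + 3) & ~(size_t)3;
    memset(out + n, 0x41, pad);
    return n + pad;
}
```

A decoder that accepts the second kind of sample (declared length larger than the bytes received) would hand the write path a length that extends beyond the request, which is the condition the report describes.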