A flaw was found in NFS in the Linux Kernel. An attacker who is able to mount an exported NFS filesystem is able to trigger a null pointer dereference by an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. Upstream fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=01310bb7c9c98752cc763b36532fab028e0f8f81
It appears rhel7 needs this upstream commit commit 01310bb7c9c98752cc763b36532fab028e0f8f81 Author: Scott Mayhew <smayhew> Date: Thu Nov 8 11:11:36 2018 -0500 nfsd: COPY and CLONE operations require the saved filehandle to be set Make sure we have a saved filehandle, otherwise we'll oops with a null pointer dereference in nfs4_preprocess_stateid_op(). Signed-off-by: Scott Mayhew <smayhew> Cc: stable.org Signed-off-by: J. Bruce Fields <bfields> Since it was our guy that found and fixed I wonder if the is a bz in he pipline.
(In reply to Steve Dickson from comment #8) > It appears rhel7 needs this upstream commit > Confirmed... The patch stops the oops and returns the error... I looked it does not appear there is another bz opened on this problem.... Please advise on how to move forward on this...
Acknowledgments: Name: Jasu Liedes (Synopsys SIG), Hangbin Liu (Red Hat)
After review this got bumped to "Moderate" and now qualifies for Z stream. Its kinda nasty and would STILL recommend fixing this.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1716249]
This was fixed for Fedora with the 4.20 stable rebases.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:1873 https://access.redhat.com/errata/RHSA-2019:1873
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:1891 https://access.redhat.com/errata/RHSA-2019:1891
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-16871
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Extended Update Support Via RHSA-2019:2696 https://access.redhat.com/errata/RHSA-2019:2696
This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2019:2730 https://access.redhat.com/errata/RHSA-2019:2730
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0740 https://access.redhat.com/errata/RHSA-2020:0740
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1567 https://access.redhat.com/errata/RHSA-2020:1567
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1769 https://access.redhat.com/errata/RHSA-2020:1769