CVE-2018-16871 — HIGH (7.5)

Q: How severe is CVE-2018-16871?

CVE-2018-16871 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-16871?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Developer Tools, Redhat Mrg Realtime, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop.

Vulnerability Description

A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 3.0, <= 4.20
Redhat	Developer Tools	1.0
Redhat	Mrg Realtime	2.0
Redhat	Enterprise Linux	7.0
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Eus	7.4
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	7.4
Redhat	Enterprise Linux Server Eus	7.6
Redhat	Enterprise Linux Server Tus	7.4
Redhat	Enterprise Linux Workstation	7.0
Netapp	Cloud Backup	-
Netapp	H410C Firmware	-
Netapp	H410C	-
Netapp	H300S Firmware	-
Netapp	H300S	-
Netapp	H500S Firmware	-
Netapp	H500S	-
Netapp	H700S Firmware	-
Netapp	H700S	-

Related Weaknesses (CWE)

CWE-476

References

https://access.redhat.com/errata/RHSA-2019:2696Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2730Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0740Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16871Issue TrackingThird Party Advisory
https://security.netapp.com/advisory/ntap-20211004-0002/Third Party Advisory
https://support.f5.com/csp/article/K18657134Third Party Advisory
https://support.f5.com/csp/article/K18657134?utm_source=f5support&amp%3Butm_medi
https://access.redhat.com/errata/RHSA-2019:2696Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2730Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0740Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16871Issue TrackingThird Party Advisory
https://security.netapp.com/advisory/ntap-20211004-0002/Third Party Advisory
https://support.f5.com/csp/article/K18657134Third Party Advisory
https://support.f5.com/csp/article/K18657134?utm_source=f5support&amp%3Butm_medi

FAQ

What is CVE-2018-16871?

CVE-2018-16871 is a vulnerability with a CVSS score of 7.5 (HIGH). A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null poi...

How severe is CVE-2018-16871?

CVE-2018-16871 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-16871?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Developer Tools, Redhat Mrg Realtime, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop.