CVE-2017-7895 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7895): The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
Upstream fix: https://git.kernel.org/linus/13bf9fbff0e5e099e2b6f003a0ab8ae145436309 Present in >=linux-4.9.26 >=linux-4.4.67 Absent in linux-4.1 linux-3.12 linux-3.10 linux-3.4
Fix in 4.9.26, 4.11