The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.
3.13.0-165.2154.4.0-87.110~14.04.14.4.0-87.1104.4.0-1026.354.4.0-1022.224.8.0-56.61~16.04.14.4.0-1065.734.4.0-1067.725.4.0-1063.66+cvm2.25.4.0-1063.66+cvm3.25.4.0-1064.67+cvm1.15.4.0-1065.68+cvm2.15.4.0-1067.70+cvm1.15.4.0-1068.71+cvm1.15.4.0-1069.72+cvm1.15.4.0-1070.73+cvm1.15.4.0-1072.75+cvm1.15.4.0-1073.76+cvm1.1+16 more5.4.0-1033.355.4.0-1035.375.4.0-1036.385.4.0-1037.395.4.0-1039.415.4.0-1041.435.4.0-1042.445.4.0-1043.455.4.0-1044.465.4.0-1046.48+41 moreExploitability
AV:NAC:LPR:NUI:RScope
S:UImpact
C:NI:NA:HCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H