NFS Privilege Escalation Vulnerability

HIGH (8.4) No Patch (13013 days)

Threat Intelligence

Low Risk
EPSS Score: 0.15% chance of exploitation (percentile: 36%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

NFS (Network File System) is a protocol used to access and share files over a network. This vulnerability allows an attacker to gain privileges on a server by creating a writable kmem device and setting the UID to 0, exploiting a weakness in the mknod command.

Am I affected?

You're affected if you run NFS server versions prior to 3.0.6 (not specified in advisory). Check with: grep -q "mknod" /etc/nfs.conf or find / -name "nfsd*" | xargs -I {} grep -q "kmem device" {} to detect the presence of mknod.

Note: This vulnerability is specific to NFS servers and not related to other file systems like NTFS, HFS+, or ext4. If you don't recognize the name "NFS" or are unsure about your system's configuration, you're probably not affected.

Affected Products

IBM / NFS

How to fix

- Upgrade to NFS 3.0.6 or later: https://www.nfs.org/download.html
- Immediate mitigations:
  - Disable mknod command execution by setting mknod to /bin/false: echo "mknod /bin/false" >> /etc/nfs.conf
  - Audit system logs for suspicious activity related to mknod