The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
Fixed in kernel-2.6.32-696.6.3.el6.x86_64.rpm
The Unitrends security update dated 08/31/2017 or later includes this fix.
LINK TO ADVISORIES