CVE-2022-43945
Vulnerability Summary
Timeline
Description
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 0.22%• Percentile: 45%
Techniques & Countermeasures
- CWE-131•Incorrect Calculation of Buffer Size
The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
- CWE-770•Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Affected Systems
- linux•linux_kernel
< 6.0.2 | < 5.19.17 | ≥ 6.0, < 6.0.2
- netapp•active_iq_unified_manager
na
- netapp•h300s_firmware
na
- netapp•h410c_firmware
na
- netapp•h410s_firmware
na
- netapp•h500s_firmware
na
- netapp•h700s_firmware
na
References (4)
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f90497a16e434c2211c66e3de8e77b17868382b8
- https://security.netapp.com/advisory/ntap-20221215-0006/
- http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html