CVE-2022-43945
CVE-2022-43945
In short
A flaw in Linux kernel's file-sharing service (NFSD) allows an authenticated attacker to crash the server by sending specially crafted network messages that trick the system into writing data beyond allocated memory limits.
Technical detail
NFSD prior to versions 5.19.17 and 6.0.2 improperly manages buffer boundaries when processing RPC messages over TCP containing appended garbage data. An authenticated remote attacker can trigger a buffer overflow by manipulating the RPC message structure, causing the kernel to write beyond allocated buffer space and resulting in denial of service through system crash or hang.
Summary generated and translated by AI from the official description.
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
linux · linux_kernelWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.htmlhttps://cert-portal.siemens.com/productcert/html/ssa-265688.htmlhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f90497a16e434c2211c66e3de8e77b17868382b8https://security.netapp.com/advisory/ntap-20221215-0006/