The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 is vulnerable to a buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD does not expect the oversized request and writes beyond the allocated buffer space.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
MITRE
Status: PUBLISHED
Assigner: SNPS
Published: 2022-11-04T00:00:00
Updated: 2024-08-03T13:40:06.873Z
Reserved: 2022-10-26T00:00:00
Link: CVE-2022-43945
NVD
Status: Modified
Published: 2022-11-04T19:15:11.180
Modified: 2024-11-21T07:27:23.453
Link: CVE-2022-43945
Redhat