7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
52.6%
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2
are vulnerable to buffer overflow. NFSD tracks the number of pages held by
each NFSD thread by combining the receive and send buffers of a remote
procedure call (RPC) into a single array of pages. A client can force the
send buffer to shrink by sending an RPC message over TCP with garbage data
added at the end of the message. The RPC message with garbage data is still
correctly formed according to the specification and is passed forward to
handlers. Vulnerable code in NFSD is not expecting the oversized request
and writes beyond the allocated buffer space.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-202.213 | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < 5.4.0-137.154 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-56.62 | UNKNOWN |
ubuntu | 22.10 | noarch | linux | < 5.19.0-26.27 | UNKNOWN |
ubuntu | 23.04 | noarch | linux | < 6.1.0-16.16 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-236.270 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1148.160 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1094.102 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1026.30 | UNKNOWN |
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f90497a16e434c2211c66e3de8e77b17868382b8
launchpad.net/bugs/cve/CVE-2022-43945
nvd.nist.gov/vuln/detail/CVE-2022-43945
security-tracker.debian.org/tracker/CVE-2022-43945
ubuntu.com/security/notices/USN-5754-1
ubuntu.com/security/notices/USN-5754-2
ubuntu.com/security/notices/USN-5755-1
ubuntu.com/security/notices/USN-5755-2
ubuntu.com/security/notices/USN-5773-1
ubuntu.com/security/notices/USN-5779-1
ubuntu.com/security/notices/USN-5789-1
ubuntu.com/security/notices/USN-5794-1
ubuntu.com/security/notices/USN-5802-1
ubuntu.com/security/notices/USN-5804-1
ubuntu.com/security/notices/USN-5804-2
ubuntu.com/security/notices/USN-5808-1
ubuntu.com/security/notices/USN-5813-1
ubuntu.com/security/notices/USN-5829-1
ubuntu.com/security/notices/USN-5830-1
ubuntu.com/security/notices/USN-5861-1
ubuntu.com/security/notices/USN-5863-1
ubuntu.com/security/notices/USN-5875-1
ubuntu.com/security/notices/USN-5914-1
ubuntu.com/security/notices/USN-5918-1
www.cve.org/CVERecord?id=CVE-2022-43945