Bug 2141752 (CVE-2022-43945) - CVE-2022-43945 kernel: nfsd buffer overflow by RPC message over TCP with garbage data
Summary: CVE-2022-43945 kernel: nfsd buffer overflow by RPC message over TCP with garb...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-43945
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2141768 2141769 2141770 2141771 2141772 2141773 2141774 2142346 2143172 2143173 2143174 2143175 2143184 2143185 2143186 2143187 2143188 2167765
Blocks: 2140235
TreeView+ depends on / blocked
 
Reported: 2022-11-10 17:33 UTC by Alex
Modified: 2023-12-07 15:08 UTC (History)
57 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2023-05-16 21:11:17 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:9021 0 None None None 2022-12-14 12:03:06 UTC
Red Hat Product Errata RHSA-2022:8973 0 None None None 2022-12-13 16:06:05 UTC
Red Hat Product Errata RHSA-2022:8974 0 None None None 2022-12-13 16:06:44 UTC
Red Hat Product Errata RHSA-2022:9082 0 None None None 2022-12-15 16:24:45 UTC
Red Hat Product Errata RHSA-2023:0300 0 None None None 2023-01-23 15:17:09 UTC
Red Hat Product Errata RHSA-2023:0334 0 None None None 2023-01-23 15:21:33 UTC
Red Hat Product Errata RHSA-2023:0348 0 None None None 2023-01-23 15:23:20 UTC
Red Hat Product Errata RHSA-2023:0832 0 None None None 2023-02-21 09:21:34 UTC
Red Hat Product Errata RHSA-2023:0839 0 None None None 2023-02-21 09:22:56 UTC
Red Hat Product Errata RHSA-2023:0854 0 None None None 2023-02-21 08:58:05 UTC

Description Alex 2022-11-10 17:33:07 UTC 
A flaw in the Linux Kernel nfsd (network file system) found. Remote user can send RPC over TCP with garbage data added at the end of the message. It can lead to NFSD send/receive buffer overflow on the server side, but without actual out of bounds memory access, so only deny of service possible.

Reference:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f90497a16e434c2211c66e3de8e77b17868382b8
Comment 15 errata-xmlrpc 2022-12-13 16:06:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2022:8973 https://access.redhat.com/errata/RHSA-2022:8973
Comment 16 errata-xmlrpc 2022-12-13 16:06:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2022:8974 https://access.redhat.com/errata/RHSA-2022:8974
Comment 17 errata-xmlrpc 2022-12-15 16:24:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2022:9082 https://access.redhat.com/errata/RHSA-2022:9082
Comment 19 errata-xmlrpc 2023-01-23 15:17:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0300 https://access.redhat.com/errata/RHSA-2023:0300
Comment 20 errata-xmlrpc 2023-01-23 15:21:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0334 https://access.redhat.com/errata/RHSA-2023:0334
Comment 21 errata-xmlrpc 2023-01-23 15:23:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0348 https://access.redhat.com/errata/RHSA-2023:0348
Comment 22 Alex 2023-02-07 13:40:56 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2167765]
Comment 23 Justin M. Forbes 2023-02-09 22:06:22 UTC 
This was fixed for Fedora with the 5.19.17 stable kernel updates.
Comment 24 errata-xmlrpc 2023-02-21 08:58:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0854 https://access.redhat.com/errata/RHSA-2023:0854
Comment 25 errata-xmlrpc 2023-02-21 09:21:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0832 https://access.redhat.com/errata/RHSA-2023:0832
Comment 26 errata-xmlrpc 2023-02-21 09:22:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0839 https://access.redhat.com/errata/RHSA-2023:0839
Comment 30 Product Security DevOps Team 2023-05-16 21:11:12 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-43945
Note You need to log in before you can comment on or make changes to this bug.