Bug 2141752 (CVE-2022-43945) - CVE-2022-43945 kernel: nfsd buffer overflow by RPC message over TCP with garbage data
Summary: CVE-2022-43945 kernel: nfsd buffer overflow by RPC message over TCP with garb...
Keywords:
Status: NEW
Alias: CVE-2022-43945
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2141770 2141773 2141774 2143172 2143174 2143175 2143184 2141768 2141769 2141771 2141772 2142346 2143173 2143185 2143186 2143187 2143188
Blocks: 2140235
TreeView+ depends on / blocked
 
Reported: 2022-11-10 17:33 UTC by Alex
Modified: 2023-01-23 15:23 UTC (History)
58 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A buffer overflow flaw was found in the Linux kernel nfsd (network file system) subsystem. The way a user sends RPC over TCP with excess data added at the end of the message could allow a remote user to starve the resources, causing a denial of service.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:9021 0 None None None 2022-12-14 12:03:06 UTC
Red Hat Product Errata RHSA-2022:8973 0 None None None 2022-12-13 16:06:05 UTC
Red Hat Product Errata RHSA-2022:8974 0 None None None 2022-12-13 16:06:44 UTC
Red Hat Product Errata RHSA-2022:9082 0 None None None 2022-12-15 16:24:45 UTC
Red Hat Product Errata RHSA-2023:0300 0 None None None 2023-01-23 15:17:09 UTC
Red Hat Product Errata RHSA-2023:0334 0 None None None 2023-01-23 15:21:33 UTC
Red Hat Product Errata RHSA-2023:0348 0 None None None 2023-01-23 15:23:20 UTC

Description Alex 2022-11-10 17:33:07 UTC
A flaw in the Linux Kernel nfsd (network file system) found. Remote user can send RPC over TCP with garbage data added at the end of the message. It can lead to NFSD send/receive buffer overflow on the server side, but without actual out of bounds memory access, so only deny of service possible.

Reference:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f90497a16e434c2211c66e3de8e77b17868382b8

Comment 15 errata-xmlrpc 2022-12-13 16:06:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2022:8973 https://access.redhat.com/errata/RHSA-2022:8973

Comment 16 errata-xmlrpc 2022-12-13 16:06:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2022:8974 https://access.redhat.com/errata/RHSA-2022:8974

Comment 17 errata-xmlrpc 2022-12-15 16:24:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2022:9082 https://access.redhat.com/errata/RHSA-2022:9082

Comment 19 errata-xmlrpc 2023-01-23 15:17:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0300 https://access.redhat.com/errata/RHSA-2023:0300

Comment 20 errata-xmlrpc 2023-01-23 15:21:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0334 https://access.redhat.com/errata/RHSA-2023:0334

Comment 21 errata-xmlrpc 2023-01-23 15:23:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0348 https://access.redhat.com/errata/RHSA-2023:0348


Note You need to log in before you can comment on or make changes to this bug.