CVE-2022-43945
published 2022-11-04

Priority: P3 53 high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS: 21.31% (97.3th percentile)
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 is vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected

17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 6.0.3-1 (bookworm) | linux 6.0.3-1 (bookworm) |
| linux | linux_kernel | < 6.0.2 | 6.0.2 |
| linux | linux_kernel | < 5.19.17 | 5.19.17 |
| linux | linux_kernel | >= 0 < 5.10.221-1 | 5.10.221-1 |
| linux | linux_kernel | >= 0 < 6.0.3-1 | 6.0.3-1 |
| linux | linux_kernel | >= 0 < 6.0.3-1 | 6.0.3-1 |
| linux | linux_kernel | >= 0 < 6.0.3-1 | 6.0.3-1 |
| linux | linux_kernel | >= 0 < 4.15.0-202.213 | 4.15.0-202.213 |
| linux | linux_kernel | >= 0 < 5.4.0-137.154 | 5.4.0-137.154 |
| linux | linux_kernel | >= 0 < 5.15.0-56.62 | 5.15.0-56.62 |
| linux | linux_kernel | >= 0 < 4.4.0-236.270 | 4.4.0-236.270 |
| linux | linux_kernel | >= 0 < 4.15.0-202.213 | 4.15.0-202.213 |
| linux | linux_kernel | >= 0 < 5.4.0-137.154 | 5.4.0-137.154 |
| linux | linux_kernel | >= 0 < 5.15.0-58.64 | 5.15.0-58.64 |
| linux | linux_kernel | >= 6.0 < 6.0.2 | 6.0.2 |
| msrc | cbl2_kernel_5.15.82.1-1_on_cbl_mariner_2.0 | | |
| msrc | cm1_kernel_5.10.158.1-1_on_cbl_mariner_1.0 | | |

CVSS provenance

nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv: 8.8 HIGH
vendor_ubuntu: 8.0 HIGH
vendor_debian: 7.5 HIGH
vendor_msrc: 7.5 HIGH
vendor_redhat: 7.5 HIGH