CVE-2022-43945: Buffer Overflow
First published: Mon Oct 03 2022(Updated: )
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Credit: disclosure@synopsys.com disclosure@synopsys.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-425.13.1.rt7.223.el8_7 | 0:4.18.0-425.13.1.rt7.223.el8_7 |
| redhat/kernel | <0:4.18.0-425.13.1.el8_7 | 0:4.18.0-425.13.1.el8_7 |
| redhat/kernel | <0:5.14.0-162.12.1.el9_1 | 0:5.14.0-162.12.1.el9_1 |
| redhat/kernel-rt | <0:5.14.0-162.12.1.rt21.175.el9_1 | 0:5.14.0-162.12.1.rt21.175.el9_1 |
| redhat/kernel | <0:5.14.0-70.36.1.el9_0 | 0:5.14.0-70.36.1.el9_0 |
| redhat/kernel-rt | <0:5.14.0-70.36.1.rt21.108.el9_0 | 0:5.14.0-70.36.1.rt21.108.el9_0 |
| Linux Linux kernel | <5.19.17 | |
| Linux Linux kernel | >=6.0<6.0.2 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | ||
| All of | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| All of | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| All of | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| All of | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| All of | ||
| Netapp H410c Firmware | ||
| Netapp H410c | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| Netapp H410c Firmware | ||
| Netapp H410c | ||
| ubuntu/linux | <4.15.0-202.213 | 4.15.0-202.213 |
| ubuntu/linux | <5.4.0-137.154 | 5.4.0-137.154 |
| ubuntu/linux | <5.15.0-56.62 | 5.15.0-56.62 |
| ubuntu/linux | <5.19.0-26.27 | 5.19.0-26.27 |
| ubuntu/linux | <6.1.0-16.16 | 6.1.0-16.16 |
| ubuntu/linux | <6.1~ | 6.1~ |
| ubuntu/linux | <4.4.0-236.270 | 4.4.0-236.270 |
| ubuntu/linux-aws | <4.15.0-1148.160 | 4.15.0-1148.160 |
| ubuntu/linux-aws | <5.4.0-1094.102 | 5.4.0-1094.102 |
| ubuntu/linux-aws | <5.15.0-1026.30 | 5.15.0-1026.30 |
| ubuntu/linux-aws | <5.19.0-1014.15 | 5.19.0-1014.15 |
| ubuntu/linux-aws | <4.4.0-1115.121 | 4.4.0-1115.121 |
| ubuntu/linux-aws | <6.1~ | 6.1~ |
| ubuntu/linux-aws | <4.4.0-1153.168 | 4.4.0-1153.168 |
| ubuntu/linux-aws-5.0 | <6.1~ | 6.1~ |
| ubuntu/linux-aws-5.15 | <5.15.0-1026.30~20.04.2 | 5.15.0-1026.30~20.04.2 |
| ubuntu/linux-aws-5.15 | <6.1~ | 6.1~ |
| ubuntu/linux-aws-5.4 | <5.4.0-1094.102~18.04.1 | 5.4.0-1094.102~18.04.1 |
| ubuntu/linux-aws-5.4 | <6.1~ | 6.1~ |
| ubuntu/linux-aws-6.5 | <6.1~ | 6.1~ |
| ubuntu/linux-aws-fips | <6.1~ | 6.1~ |
| ubuntu/linux-aws-hwe | <6.1~ | 6.1~ |
| ubuntu/linux-aws-hwe | <4.15.0-1148.160~16.04.1 | 4.15.0-1148.160~16.04.1 |
| ubuntu/linux-azure | <5.4.0-1101.107 | 5.4.0-1101.107 |
| ubuntu/linux-azure | <5.15.0-1029.36 | 5.15.0-1029.36 |
| ubuntu/linux-azure | <5.19.0-1013.14 | 5.19.0-1013.14 |
| ubuntu/linux-azure | <4.15.0-1159.174~14.04.1 | 4.15.0-1159.174~14.04.1 |
| ubuntu/linux-azure | <6.1~ | 6.1~ |
| ubuntu/linux-azure | <4.15.0-1159.174~16.04.1 | 4.15.0-1159.174~16.04.1 |
| ubuntu/linux-azure-4.15 | <4.15.0-1159.174 | 4.15.0-1159.174 |
| ubuntu/linux-azure-4.15 | <6.1~ | 6.1~ |
| ubuntu/linux-azure-5.15 | <5.15.0-1029.36~20.04.1 | 5.15.0-1029.36~20.04.1 |
| ubuntu/linux-azure-5.15 | <6.1~ | 6.1~ |
| ubuntu/linux-azure-5.4 | <5.4.0-1101.107~18.04.1 | 5.4.0-1101.107~18.04.1 |
| ubuntu/linux-azure-5.4 | <6.1~ | 6.1~ |
| ubuntu/linux-azure-6.5 | <6.1~ | 6.1~ |
| ubuntu/linux-azure-edge | <6.1~ | 6.1~ |
| ubuntu/linux-azure-fde | <5.4.0-1101.107 | 5.4.0-1101.107 |
| ubuntu/linux-azure-fde | <5.15.0-1029.36.1 | 5.15.0-1029.36.1 |
| ubuntu/linux-azure-fde | <6.1~ | 6.1~ |
| ubuntu/linux-azure-fde-5.15 | <5.15.0-1029.36~20.04.1.1 | 5.15.0-1029.36~20.04.1.1 |
| ubuntu/linux-azure-fde-5.15 | <6.1~ | 6.1~ |
| ubuntu/linux-azure-fips | <6.1~ | 6.1~ |
| ubuntu/linux-bluefield | <5.4.0-1058.64 | 5.4.0-1058.64 |
| ubuntu/linux-bluefield | <6.1~ | 6.1~ |
| ubuntu/linux-dell300x | <4.15.0-1060.65 | 4.15.0-1060.65 |
| ubuntu/linux-dell300x | <6.1~ | 6.1~ |
| ubuntu/linux-fips | <6.1~ | 6.1~ |
| ubuntu/linux-gcp | <5.4.0-1098.107 | 5.4.0-1098.107 |
| ubuntu/linux-gcp | <5.15.0-1025.32 | 5.15.0-1025.32 |
| ubuntu/linux-gcp | <5.19.0-1013.14 | 5.19.0-1013.14 |
| ubuntu/linux-gcp | <6.1~ | 6.1~ |
| ubuntu/linux-gcp | <4.15.0-1143.159~16.04.1 | 4.15.0-1143.159~16.04.1 |
| ubuntu/linux-gcp-4.15 | <4.15.0-1143.159 | 4.15.0-1143.159 |
| ubuntu/linux-gcp-4.15 | <6.1~ | 6.1~ |
| ubuntu/linux-gcp-5.15 | <5.15.0-1025.32~20.04.2 | 5.15.0-1025.32~20.04.2 |
| ubuntu/linux-gcp-5.15 | <6.1~ | 6.1~ |
| ubuntu/linux-gcp-5.4 | <5.4.0-1098.107~18.04.1 | 5.4.0-1098.107~18.04.1 |
| ubuntu/linux-gcp-5.4 | <6.1~ | 6.1~ |
| ubuntu/linux-gcp-6.5 | <6.1~ | 6.1~ |
| ubuntu/linux-gcp-fips | <6.1~ | 6.1~ |
| ubuntu/linux-gke | <5.4.0-1094.101 | 5.4.0-1094.101 |
| ubuntu/linux-gke | <5.15.0-1023.28 | 5.15.0-1023.28 |
| ubuntu/linux-gke | <6.1~ | 6.1~ |
| ubuntu/linux-gke-4.15 | <6.1~ | 6.1~ |
| ubuntu/linux-gke-5.0 | <6.1~ | 6.1~ |
| ubuntu/linux-gke-5.15 | <5.15.0-1023.28~20.04.2 | 5.15.0-1023.28~20.04.2 |
| ubuntu/linux-gke-5.15 | <6.1~ | 6.1~ |
| ubuntu/linux-gke-5.4 | <6.1~ | 6.1~ |
| ubuntu/linux-gkeop | <5.4.0-1062.66 | 5.4.0-1062.66 |
| ubuntu/linux-gkeop | <5.15.0-1011.15 | 5.15.0-1011.15 |
| ubuntu/linux-gkeop | <6.1~ | 6.1~ |
| ubuntu/linux-gkeop-5.15 | <6.1~ | 6.1~ |
| ubuntu/linux-gkeop-5.4 | <6.1~ | 6.1~ |
| ubuntu/linux-hwe | <6.1~ | 6.1~ |
| ubuntu/linux-hwe | <4.15.0-202.213~16.04.1 | 4.15.0-202.213~16.04.1 |
| ubuntu/linux-hwe-5.15 | <5.15.0-56.62~20.04.1 | 5.15.0-56.62~20.04.1 |
| ubuntu/linux-hwe-5.15 | <6.1~ | 6.1~ |
| ubuntu/linux-hwe-5.4 | <5.4.0-137.154~18.04.1 | 5.4.0-137.154~18.04.1 |
| ubuntu/linux-hwe-5.4 | <6.1~ | 6.1~ |
| ubuntu/linux-hwe-6.5 | <6.1~ | 6.1~ |
| ubuntu/linux-hwe-edge | <6.1~ | 6.1~ |
| ubuntu/linux-ibm | <5.4.0-1042.47 | 5.4.0-1042.47 |
| ubuntu/linux-ibm | <5.15.0-1021.24 | 5.15.0-1021.24 |
| ubuntu/linux-ibm | <5.19.0-1013.14 | 5.19.0-1013.14 |
| ubuntu/linux-ibm | <6.1~ | 6.1~ |
| ubuntu/linux-ibm-5.15 | <6.1~ | 6.1~ |
| ubuntu/linux-ibm-5.4 | <5.4.0-1042.47~18.04.1 | 5.4.0-1042.47~18.04.1 |
| ubuntu/linux-ibm-5.4 | <6.1~ | 6.1~ |
| ubuntu/linux-intel | <6.1~ | 6.1~ |
| ubuntu/linux-intel-5.13 | <6.1~ | 6.1~ |
| ubuntu/linux-intel-iotg | <5.15.0-1021.26 | 5.15.0-1021.26 |
| ubuntu/linux-intel-iotg | <6.1~ | 6.1~ |
| ubuntu/linux-intel-iotg-5.15 | <5.15.0-1021.26~20.04.1 | 5.15.0-1021.26~20.04.1 |
| ubuntu/linux-intel-iotg-5.15 | <6.1~ | 6.1~ |
| ubuntu/linux-iot | <6.1~ | 6.1~ |
| ubuntu/linux-kvm | <4.15.0-1134.139 | 4.15.0-1134.139 |
| ubuntu/linux-kvm | <5.4.0-1084.90 | 5.4.0-1084.90 |
| ubuntu/linux-kvm | <5.15.0-1024.29 | 5.15.0-1024.29 |
| ubuntu/linux-kvm | <5.19.0-1013.14 | 5.19.0-1013.14 |
| ubuntu/linux-kvm | <6.1~ | 6.1~ |
| ubuntu/linux-kvm | <4.4.0-1116.126 | 4.4.0-1116.126 |
| ubuntu/linux-laptop | <6.1~ | 6.1~ |
| ubuntu/linux-lowlatency | <5.15.0-56.62 | 5.15.0-56.62 |
| ubuntu/linux-lowlatency | <5.19.0-1012.13 | 5.19.0-1012.13 |
| ubuntu/linux-lowlatency | <6.1~ | 6.1~ |
| ubuntu/linux-lowlatency-hwe-5.15 | <5.15.0-56.62~20.04.1 | 5.15.0-56.62~20.04.1 |
| ubuntu/linux-lowlatency-hwe-5.15 | <6.1~ | 6.1~ |
| ubuntu/linux-lowlatency-hwe-5.19 | <6.1~ | 6.1~ |
| ubuntu/linux-lowlatency-hwe-6.5 | <6.1~ | 6.1~ |
| ubuntu/linux-lts-xenial | <4.4.0-236.270~14.04.1 | 4.4.0-236.270~14.04.1 |
| ubuntu/linux-lts-xenial | <6.1~ | 6.1~ |
| ubuntu/linux-nvidia | <6.1~ | 6.1~ |
| ubuntu/linux-nvidia-6.5 | <6.1~ | 6.1~ |
| ubuntu/linux-oem | <6.1~ | 6.1~ |
| ubuntu/linux-oem-5.10 | <6.1~ | 6.1~ |
| ubuntu/linux-oem-5.14 | <5.14.0-1055.62 | 5.14.0-1055.62 |
| ubuntu/linux-oem-5.14 | <6.1~ | 6.1~ |
| ubuntu/linux-oem-5.17 | <5.17.0-1024.25 | 5.17.0-1024.25 |
| ubuntu/linux-oem-5.17 | <6.1~ | 6.1~ |
| ubuntu/linux-oem-5.6 | <6.1~ | 6.1~ |
| ubuntu/linux-oem-6.0 | <6.0.0-1012.12 | 6.0.0-1012.12 |
| ubuntu/linux-oem-6.0 | <6.1~ | 6.1~ |
| ubuntu/linux-oem-6.1 | <6.1~ | 6.1~ |
| ubuntu/linux-oem-6.5 | <6.1~ | 6.1~ |
| ubuntu/linux-oem-6.8 | <6.1~ | 6.1~ |
| ubuntu/linux-oem-osp1 | <6.1~ | 6.1~ |
| ubuntu/linux-oracle | <4.15.0-1113.124 | 4.15.0-1113.124 |
| ubuntu/linux-oracle | <5.4.0-1092.101 | 5.4.0-1092.101 |
| ubuntu/linux-oracle | <5.15.0-1025.31 | 5.15.0-1025.31 |
| ubuntu/linux-oracle | <5.19.0-1013.14 | 5.19.0-1013.14 |
| ubuntu/linux-oracle | <6.1~ | 6.1~ |
| ubuntu/linux-oracle | <4.15.0-1113.124~16.04.1 | 4.15.0-1113.124~16.04.1 |
| ubuntu/linux-oracle-5.0 | <6.1~ | 6.1~ |
| ubuntu/linux-oracle-5.13 | <6.1~ | 6.1~ |
| ubuntu/linux-oracle-5.15 | <5.15.0-1025.31~20.04.2 | 5.15.0-1025.31~20.04.2 |
| ubuntu/linux-oracle-5.15 | <6.1~ | 6.1~ |
| ubuntu/linux-oracle-5.4 | <5.4.0-1092.101~18.04.1 | 5.4.0-1092.101~18.04.1 |
| ubuntu/linux-oracle-5.4 | <6.1~ | 6.1~ |
| ubuntu/linux-oracle-6.5 | <6.1~ | 6.1~ |
| ubuntu/linux-raspi | <5.4.0-1079.90 | 5.4.0-1079.90 |
| ubuntu/linux-raspi | <5.15.0-1021.23 | 5.15.0-1021.23 |
| ubuntu/linux-raspi | <5.19.0-1009.16 | 5.19.0-1009.16 |
| ubuntu/linux-raspi | <6.1~ | 6.1~ |
| ubuntu/linux-raspi-5.4 | <5.4.0-1079.90~18.04.1 | 5.4.0-1079.90~18.04.1 |
| ubuntu/linux-raspi-5.4 | <6.1~ | 6.1~ |
| ubuntu/linux-raspi2 | <4.15.0-1126.134 | 4.15.0-1126.134 |
| ubuntu/linux-raspi2 | <6.1~ | 6.1~ |
| ubuntu/linux-riscv | <5.19.0-1009.10 | 5.19.0-1009.10 |
| ubuntu/linux-riscv | <6.1~ | 6.1~ |
| ubuntu/linux-riscv-5.15 | <6.1~ | 6.1~ |
| ubuntu/linux-riscv-6.5 | <6.1~ | 6.1~ |
| ubuntu/linux-snapdragon | <4.15.0-1144.154 | 4.15.0-1144.154 |
| ubuntu/linux-snapdragon | <6.1~ | 6.1~ |
| ubuntu/linux-starfive | <6.1~ | 6.1~ |
| ubuntu/linux-starfive-6.5 | <6.1~ | 6.1~ |
| ubuntu/linux-xilinx-zynqmp | <6.1~ | 6.1~ |
| debian/linux | <=5.10.218-1 | 5.10.221-1 6.1.94-1 6.1.99-1 6.9.10-1 6.9.12-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f90497a16e434c2211c66e3de8e77b17868382b8
- https://security.netapp.com/advisory/ntap-20221215-0006/
- http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html
- https://launchpad.net/bugs/cve/CVE-2022-43945
- https://www.cve.org/CVERecord?id=CVE-2022-43945 https://nvd.nist.gov/vuln/detail/CVE-2022-43945 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f90497a16e434c2211c66e3de8e77b17868382b8
- https://bugzilla.redhat.com/show_bug.cgi?id=2141752
- https://access.redhat.com/errata/RHSA-2023:0854
- https://access.redhat.com/errata/RHSA-2023:0832
- https://access.redhat.com/errata/RHSA-2023:0839
- https://access.redhat.com/errata/RHSA-2023:0334
- https://access.redhat.com/errata/RHSA-2023:0300
- https://access.redhat.com/errata/RHSA-2023:0348
- https://access.redhat.com/errata/RHSA-2022:8973
- https://access.redhat.com/errata/RHSA-2022:8974
- https://access.redhat.com/errata/RHSA-2022:9082
- https://access.redhat.com/security/cve/cve-2022-43945
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2167765
- https://ubuntu.com/security/notices/USN-5754-1
- https://ubuntu.com/security/notices/USN-5755-1
- https://ubuntu.com/security/notices/USN-5755-2
- https://ubuntu.com/security/notices/USN-5754-2
- https://ubuntu.com/security/notices/USN-5773-1
- https://ubuntu.com/security/notices/USN-5779-1
- https://ubuntu.com/security/notices/USN-5789-1
- https://ubuntu.com/security/notices/USN-5794-1
- https://ubuntu.com/security/notices/USN-5802-1
- https://ubuntu.com/security/notices/USN-5804-1
- https://ubuntu.com/security/notices/USN-5804-2
- https://ubuntu.com/security/notices/USN-5808-1
- https://ubuntu.com/security/notices/USN-5813-1
- https://ubuntu.com/security/notices/USN-5829-1
- https://ubuntu.com/security/notices/USN-5830-1
- https://ubuntu.com/security/notices/USN-5861-1
- https://ubuntu.com/security/notices/USN-5863-1
- https://ubuntu.com/security/notices/USN-5875-1
- https://ubuntu.com/security/notices/USN-5914-1
- https://ubuntu.com/security/notices/USN-5918-1
- https://www.cve.org/CVERecord?id=CVE-2022-43945
- https://nvd.nist.gov/vuln/detail/CVE-2022-43945
- https://security-tracker.debian.org/tracker/CVE-2022-43945
- https://git.kernel.org/linus/5191955d6fc65e6d4efe8f4f10a6028298f57281
- https://git.kernel.org/linus/90bfc37b5ab91c1a6165e3e5cfc49bf04571b762
- https://git.kernel.org/linus/bddfdbcddbe267519cd36aeb115fdf8620980111
- https://git.kernel.org/linus/1242a87da0d8cd2a428e96ca68e7ea899b0f4624
- https://git.kernel.org/linus/53b1119a6e5028b125f431a0116ba73510d82a72
- https://git.kernel.org/linus/00b4492686e0497fdb924a9d4c8f6f99377e176c
- https://git.kernel.org/linus/5650682e16f41722f735b7beeb2dbc3411dfbeb6
- https://git.kernel.org/linus/640f87c190e0d1b2a0fcb2ecf6d2cd53b1c41991
- https://git.kernel.org/linus/401bc1f90874280a80b93f23be33a0e7e2d1f912
- https://git.kernel.org/linus/fa6be9cc6e80ec79892ddf08a8c10cabab9baf38
- https://git.kernel.org/linus/58e7b33a58d0cd07c9294d5161553b204c75662d
- https://git.kernel.org/linus/76ce4dcec0dc08a032db916841ddc4e3998be317
- https://ubuntu.com/security/CVE-2022-43945
Parent vulnerabilities
(Appears in the following advisories)
- RHSA-2023:0854
- RHSA-2023:0832
- RHSA-2023:0839
- RHSA-2023:0334
- RHSA-2023:0300
- RHSA-2023:0348
- RHSA-2022:8973
- RHSA-2022:8974
- RHSA-2022:9082
- USN-5754-1
- USN-5755-1
- USN-5755-2
- USN-5754-2
- USN-5773-1
- USN-5779-1
- USN-5789-1
- USN-5794-1
- USN-5802-1
- USN-5804-1
- USN-5804-2
- USN-5808-1
- USN-5813-1
- USN-5829-1
- USN-5830-1
- USN-5861-1
- USN-5863-1
- USN-5875-1
- USN-5914-1
- USN-5918-1
- collector/launchpad-cve
- collector/redhat-cve
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-43945
- agent/last-modified-date
- agent/author
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/description
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/references
- agent/remedy
- collector/usn-cve
- source/Ubuntu
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/6.0
- vendor/netapp
- canonical/netapp active iq unified manager vmware vsphere
- canonical/netapp h300s firmware
- canonical/netapp h300s
- canonical/netapp h500s firmware
- canonical/netapp h500s
- canonical/netapp h700s firmware
- canonical/netapp h700s
- canonical/netapp h410s firmware
- canonical/netapp h410s
- canonical/netapp h410c firmware
- canonical/netapp h410c
- package-manager/ubuntu
- package-manager/debian