{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-43945", "assignerOrgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b", "assignerShortName": "SNPS", "dateUpdated": "2024-08-03T13:40:06.873Z", "dateReserved": "2022-10-26T00:00:00", "datePublished": "2022-11-04T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b", "shortName": "SNPS", "dateUpdated": "2023-03-08T00:00:00"}, "descriptions": [{"lang": "en", "value": "The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}], "affected": [{"vendor": "linux", "product": "linux_kernel", "versions": [{"version": "< 6.0.2", "status": "affected"}]}], "references": [{"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f90497a16e434c2211c66e3de8e77b17868382b8"}, {"url": "https://security.netapp.com/advisory/ntap-20221215-0006/"}, {"url": "http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-131: Incorrect Calculation of Buffer Size", "cweId": "CWE-131"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:40:06.873Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f90497a16e434c2211c66e3de8e77b17868382b8", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20221215-0006/", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E287B74B-5F32-4BA9-801E-4C57E101C790", "versionEndExcluding": "5.19.17", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0624AD1-5A88-463E-96D1-F938FCBA6EEA", "versionEndExcluding": "6.0.2", "versionStartIncluding": "6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, {"lang": "es", "value": "La implementaci\u00f3n NFSD del kernel de Linux anterior a las versiones 5.19.17 y 6.0.2 es vulnerable al desbordamiento del b\u00fafer. NFSD rastrea el n\u00famero de p\u00e1ginas retenidas por cada subproceso NFSD combinando los b\u00faferes de recepci\u00f3n y env\u00edo de una llamada a procedimiento remoto (RPC) en una \u00fanica matriz de p\u00e1ginas. Un cliente puede forzar la reducci\u00f3n del b\u00fafer de env\u00edo enviando un mensaje RPC a trav\u00e9s de TCP con datos basura agregados al final del mensaje. El mensaje RPC con datos basura todav\u00eda est\u00e1 formado correctamente seg\u00fan la especificaci\u00f3n y se pasa a los controladores. El c\u00f3digo vulnerable en NFSD no espera la solicitud de gran tama\u00f1o y escribe m\u00e1s all\u00e1 del espacio de b\u00fafer asignado. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H "}], "id": "CVE-2022-43945", "lastModified": "2023-03-08T18:15:11.413", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-04T19:15:11.180", "references": [{"source": "disclosure@synopsys.com", "url": "http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html"}, {"source": "disclosure@synopsys.com", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f90497a16e434c2211c66e3de8e77b17868382b8"}, {"source": "disclosure@synopsys.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221215-0006/"}], "sourceIdentifier": "disclosure@synopsys.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-131"}], "source": "disclosure@synopsys.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:0854", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-425.13.1.rt7.223.el8_7", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-02-21T00:00:00Z"}, {"advisory": "RHSA-2023:0832", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-425.13.1.el8_7", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-02-21T00:00:00Z"}, {"advisory": "RHSA-2023:0839", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-02-21T00:00:00Z"}, {"advisory": "RHSA-2023:0334", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.12.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-01-23T00:00:00Z"}, {"advisory": "RHSA-2023:0300", "cpe": "cpe:/a:redhat:enterprise_linux:9::nfv", "package": "kernel-rt-0:5.14.0-162.12.1.rt21.175.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-01-23T00:00:00Z"}, {"advisory": "RHSA-2023:0334", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.12.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-01-23T00:00:00Z"}, {"advisory": "RHSA-2023:0348", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-01-23T00:00:00Z"}, {"advisory": "RHSA-2022:8973", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "kernel-0:5.14.0-70.36.1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2022-12-13T00:00:00Z"}, {"advisory": "RHSA-2022:8974", "cpe": "cpe:/a:redhat:rhel_eus:9.0::nfv", "package": "kernel-rt-0:5.14.0-70.36.1.rt21.108.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2022-12-13T00:00:00Z"}, {"advisory": "RHSA-2022:9082", "cpe": "cpe:/o:redhat:rhel_eus:9.0", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2022-12-15T00:00:00Z"}], "bugzilla": {"description": "kernel: nfsd buffer overflow by RPC message over TCP with garbage data", "id": "2141752", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141752"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-770", "details": ["The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "A buffer overflow flaw was found in the Linux kernel nfsd (network file system) subsystem. The way a user sends RPC over TCP with excess data added at the end of the message could allow a remote user to starve the resources, causing a denial of service."], "name": "CVE-2022-43945", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2022-10-03T09:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-43945\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-43945\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f90497a16e434c2211c66e3de8e77b17868382b8"], "statement": "Affected versions of the Red Hat Enterprise Linux are 8.7 and higher, because starting from the 8.7 the affected source code introduced with the errata RHSA-2022:7683.", "threat_severity": "Important"}