APPLIED[B]: [UBUNTU B,F 0/1] CVE-2022-43945
Luke Nowakowski-Krijger
luke.nowakowskikrijger at canonical.com
Thu Jan 5 03:53:48 UTC 2023
Applied to bionic:linux master-next
Thanks!
- Luke
On Wed, Dec 14, 2022 at 8:39 AM Thadeu Lima de Souza Cascardo <cascardo at canonical.com> wrote:
> [Impact]
> A remote user may cause an out-of-bounds access on an NFS server.
>
> The other fixes for this vulnerability were either:
>
> 1) not applicable, since they were fixing newer commits not present
> on 5.4 or 4.15.
> 2) only affected NFSv2 or NFSv3, but those were mitigated by function
> nfs_request_too_big, which was removed around 5.8.
>
> [Testing]
> A smoke test was done by mounting a localhost NFS server using -o
> nfsvers=4.
>
> A PoC was built but did not manage to trigger any oops.
>
> [Potential regression]
> NFS servers might break.
>
> Chuck Lever (1):
>   NFSD: Cap rsize_bop result based on send buffer size
>
> fs/nfsd/nfs4proc.c | 35 +++++++++++++++++++++--------------
> 1 file changed, 21 insertions(+), 14 deletions(-)
>
> --
> 2.34.1
>