Vulnerability CVE-2022-43945 - CERT Civis.Net

Vulnerability Name:

CVE-2022-43945 (CCN-239466)

Assigned:

2022-10-03

Published:

2022-10-03

Updated:

2023-03-08

Summary:

The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2022-43945

Source: disclosure@synopsys.com
Type: UNKNOWN
disclosure@synopsys.com

Source: XF
Type: UNKNOWN
linux-kernel-cve202243945-dos(239466)

Source: CCN
Type: Linux Kernel GIT Repository
Merge tag 'nfsd-6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux

Source: disclosure@synopsys.com
Type: Mailing List, Patch, Vendor Advisory
disclosure@synopsys.com

Source: disclosure@synopsys.com
Type: Third Party Advisory
disclosure@synopsys.com

Source: CCN
Type: IBM Security Bulletin 6965816 (Spectrum Protect Plus)
Vulnerabilities in Node.js, libcurl, Golang Go, Jetty, Guava, Netty, OpenSSL, Linux kernel may affect IBM Spectrum Protect Plus

Source: CCN
Type: IBM Security Bulletin 6967243 (Cloud Pak for Watson AIOps)
Multiple Vulnerabilities in CloudPak for Watson AIOPs

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:9::nfv:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:9::realtime:*:*:*:*:*

Configuration RedHat 4:

cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

Configuration RedHat 5:

cpe:/a:redhat:enterprise_linux:9::crb:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:9:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:9::baseos:*:*:*:*:*

Configuration RedHat 8:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 9:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 10:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 11:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration RedHat 12:

cpe:/a:redhat:enterprise_linux:8::nfv:*:*:*:*:*

Configuration RedHat 13:

cpe:/a:redhat:enterprise_linux:8::realtime:*:*:*:*:*

Configuration CCN 1:

cpe:/o:linux:linux_kernel:5.3.3:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.3.12:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.3.13:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.0.21:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.4.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.0.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.0.11:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.0.12:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.0.13:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.0.15:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.0.16:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.0.17:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.1.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.1.3:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.1.4:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.1.7:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.1.8:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.1.9:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.2.3:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.2.4:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.2.5:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.2.6:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.2.7:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.2.8:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.3.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.3.14:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.4.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.4.6:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.4:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.4.2:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.4.3:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.5:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.5.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.5.2:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.6.0:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.7.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.7.6:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.7.0:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.8.6:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.8.2:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.8.7:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.8.9:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.8:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.9:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.9.6:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.9.11:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.9.13:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.10:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.11:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.12:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.13.4:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.13.7:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.13:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.14:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.15.2:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.15.8:*:*:*:*:*:*:*

OR cpe:/a:linux:linux_kernel:5.15:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.16:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.17:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.18:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:5.19:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:6.0:rc4:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*

AND

cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8029	P	kernel-docs-5.14.21-150500.53.2 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:8090	P	reiserfs-kmp-default-5.14.21-150500.53.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7539	P	kernel-64kb-5.14.21-150500.53.2 on GA media (Moderate)	2023-06-12
oval:com.redhat.rhsa:def:20230839	P	RHSA-2023:0839: kpatch-patch security update (Important)	2023-02-21
oval:com.redhat.rhsa:def:20230854	P	RHSA-2023:0854: kernel-rt security and bug fix update (Important)	2023-02-21
oval:com.redhat.rhsa:def:20230832	P	RHSA-2023:0832: kernel security and bug fix update (Important)	2023-02-21
oval:com.redhat.rhsa:def:20230300	P	RHSA-2023:0300: kernel-rt security and bug fix update (Important)	2023-01-23
oval:com.redhat.rhsa:def:20230334	P	RHSA-2023:0334: kernel security and bug fix update (Important)	2023-01-23
oval:com.redhat.rhsa:def:20230348	P	RHSA-2023:0348: kpatch-patch security update (Important)	2023-01-23