what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 33 RSS Feed

CVE-2022-43945

Status Candidate

Overview

The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Related Files

Red Hat Security Advisory 2023-2104-01
Posted May 4, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2104-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2022-25881, CVE-2022-2873, CVE-2022-40897, CVE-2022-41222, CVE-2022-4269, CVE-2022-4304, CVE-2022-4378, CVE-2022-43945, CVE-2022-4415, CVE-2022-4450, CVE-2022-45061, CVE-2022-48303
SHA-256 | d7518abfdd2ac009bc17d82bebd1a4b25522cb7e7ce34f44d42b7e72b887fd7b
Red Hat Security Advisory 2023-0932-01
Posted Mar 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0932-01 - Update information for Logging Subsystem 5.6.3 in Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2022-24999, CVE-2022-2873, CVE-2022-40897, CVE-2022-41222, CVE-2022-41717, CVE-2022-43945, CVE-2022-4415, CVE-2022-45061, CVE-2022-48303
SHA-256 | c3f710ebf4c4a5049a9c7598c825e5edecaca34c90026c872eecece7ce700a31
Red Hat Security Advisory 2023-0930-01
Posted Mar 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0930-01 - Update information for Logging Subsystem 5.5.8 in Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2022-24999, CVE-2022-2873, CVE-2022-40897, CVE-2022-41222, CVE-2022-41717, CVE-2022-43945, CVE-2022-4415, CVE-2022-45061, CVE-2022-48303
SHA-256 | 658ffa57cf97948f0f07e630b296ef00eae93213218b2c60f486f12cd075e147
Kernel Live Patch Security Notice LSN-0092-1
Posted Mar 8, 2023
Authored by Benjamin M. Romer

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux
advisories | CVE-2022-42896, CVE-2022-4378, CVE-2022-43945
SHA-256 | 6b28bba2254cc748657eeaf93b80b78ba2924b150021da014dcefa9c80762053
Ubuntu Security Notice USN-5918-1
Posted Mar 6, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5918-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-3628, CVE-2022-3640, CVE-2022-3643, CVE-2022-3649, CVE-2022-41849, CVE-2022-41850, CVE-2022-42895, CVE-2022-42896, CVE-2022-43945, CVE-2022-45934, CVE-2023-20928
SHA-256 | fe9d774b2a1b83bc9a5d670d7c1f5f7d626e82fb02c2fdc23e43a368a702bda0
Ubuntu Security Notice USN-5914-1
Posted Mar 3, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5914-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2022-3567, CVE-2022-42896, CVE-2022-4379, CVE-2022-43945, CVE-2022-45934, CVE-2022-47520, CVE-2023-0045, CVE-2023-0461, CVE-2023-0469
SHA-256 | 7a3e5bb9a288f64e32ff37d607eb3152aeddb2711c706f5e1fa6cd1865b36907
Red Hat Security Advisory 2023-0854-01
Posted Feb 21, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0854-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2022-2873, CVE-2022-41222, CVE-2022-43945
SHA-256 | d416813fa3da70cf8e6f70babd0dd2079e34e3ed62101938f14e3cdb4652e24b
Red Hat Security Advisory 2023-0839-01
Posted Feb 21, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0839-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2022-41222, CVE-2022-43945
SHA-256 | a841e77fcf8eb7575b5a1899f63e795e47605735fa308bd8344e17b0359a09fd
Red Hat Security Advisory 2023-0832-01
Posted Feb 21, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0832-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, null pointer, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2022-2873, CVE-2022-41222, CVE-2022-43945
SHA-256 | 80f5904fc48b81e645c7ba72edc15de411cd6b66b78a962543325f8d37c66b6d
Ubuntu Security Notice USN-5875-1
Posted Feb 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5875-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-3628, CVE-2022-3640, CVE-2022-3643, CVE-2022-3649, CVE-2022-41849, CVE-2022-41850, CVE-2022-42895, CVE-2022-42896, CVE-2022-43945, CVE-2022-45934, CVE-2023-20928
SHA-256 | 5144aea7e759431b262bdae7951064a9252ab627cb36ca751f44cd28c8f90188
Ubuntu Security Notice USN-5861-1
Posted Feb 10, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5861-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-20369, CVE-2022-26373, CVE-2022-2663, CVE-2022-29900, CVE-2022-29901, CVE-2022-3643, CVE-2022-3646, CVE-2022-3649, CVE-2022-39842, CVE-2022-41849, CVE-2022-41850, CVE-2022-42896, CVE-2022-43750, CVE-2022-43945
SHA-256 | d2fb9a59a66f131a423fca0f0ab291edb8792fba719dc2691f62ec8cdeb36057
Ubuntu Security Notice USN-5863-1
Posted Feb 10, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5863-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-3643, CVE-2022-42896, CVE-2022-43945, CVE-2022-45934
SHA-256 | a6bf566d40808c8a3ee6f31220f77a9b9f80194ceb2190c1da740e6f0679c487
Ubuntu Security Notice USN-5830-1
Posted Jan 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5830-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-3643, CVE-2022-42896, CVE-2022-43945, CVE-2022-45934
SHA-256 | 6e68f50f18b8299b6053e750db628304a61fb6f1ccf4186312d8814b9ac32cfd
Ubuntu Security Notice USN-5829-1
Posted Jan 26, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5829-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-3643, CVE-2022-42896, CVE-2022-43945, CVE-2022-45934
SHA-256 | aad823e9a2aa345a90ba89b0bbadac4b45a7aad04940b487e28febdc9f15b3ff
Red Hat Security Advisory 2023-0334-01
Posted Jan 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0334-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and privilege escalation vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2022-2959, CVE-2022-2964, CVE-2022-30594, CVE-2022-3077, CVE-2022-4139, CVE-2022-43945
SHA-256 | 270a2d5624a45b16560c8e641883158312e61364d19ffad747cdf8e699ae8f52
Red Hat Security Advisory 2023-0300-01
Posted Jan 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0300-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow and privilege escalation vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2022-2959, CVE-2022-2964, CVE-2022-30594, CVE-2022-3077, CVE-2022-4139, CVE-2022-43945
SHA-256 | 8d37c7d8ee1ca4cb5709e9609fb377f17f1c4bb3ae3c63a34fc4b21cff595e3b
Red Hat Security Advisory 2023-0348-01
Posted Jan 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0348-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow and privilege escalation vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2022-2959, CVE-2022-2964, CVE-2022-4139, CVE-2022-43945
SHA-256 | e864895bb1b66157dffd89917ce2ff48ada4cdb215dc53916ad302cda3d20852
Ubuntu Security Notice USN-5813-1
Posted Jan 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5813-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-3643, CVE-2022-42896, CVE-2022-43945, CVE-2022-45934
SHA-256 | c8585d9310f20472858a349154e922f465a23afb78b9d227cd2a5767b334c7ee
Ubuntu Security Notice USN-5808-1
Posted Jan 18, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5808-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-3643, CVE-2022-42896, CVE-2022-43945, CVE-2022-45934
SHA-256 | cc4443f00c1b80d3578f83459d2dcc84a73bd15607e61dc8a6a55c30a1f95a47
Ubuntu Security Notice USN-5804-2
Posted Jan 17, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5804-2 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-3643, CVE-2022-42896, CVE-2022-43945, CVE-2022-45934
SHA-256 | 432e44d00c7370626def9020ff038a803fee945c7cfa7c1e5694ed4a2e964793
Ubuntu Security Notice USN-5804-1
Posted Jan 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5804-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamas Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-3643, CVE-2022-42896, CVE-2022-43945, CVE-2022-45934
SHA-256 | eaaf2b382821a29f0cd1289ad47e022031258f5e6b7b5ad1a6f618862dfb5a67
Ubuntu Security Notice USN-5802-1
Posted Jan 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5802-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-3643, CVE-2022-42896, CVE-2022-43945, CVE-2022-45934
SHA-256 | 34428fdea7c82ae5cc1b2570fe09a946f45222b5e8de50755c8c2bd32c0ca4ff
Ubuntu Security Notice USN-5794-1
Posted Jan 9, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5794-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-3643, CVE-2022-42896, CVE-2022-43945, CVE-2022-45934
SHA-256 | f94cebf0ea6c3ab3da6d1994df82f1a6cfce5dea6344042ba9c85491090964a9
Ubuntu Security Notice USN-5789-1
Posted Jan 6, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5789-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-26365, CVE-2022-33743, CVE-2022-3524, CVE-2022-3564, CVE-2022-3566, CVE-2022-3567, CVE-2022-3594, CVE-2022-3621, CVE-2022-42703, CVE-2022-43945
SHA-256 | 5e4425ebefc70941701f4366636f5c56c410100f8702999238e1ca79db767665
Red Hat Security Advisory 2022-9082-01
Posted Dec 16, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-9082-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow, out of bounds write, and privilege escalation vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2022-1158, CVE-2022-2639, CVE-2022-2959, CVE-2022-43945
SHA-256 | 91a8ca65a5bf0091d7e45807156a2f91f6faf7bb1d52bc8264cb7f2665f81c55
Page 1 of 2
Back12Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close