[SRU J/K/HWE-5.17/OEM-5.14 0/8] CVE-2022-43945 - NFSD buffer overflow

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Fri Nov 11 13:48:22 UTC 2022


[Impact]
A malicious client can cause a buffer overflow on the nfsd server by sending
a crafted RPC message.

[Backport]
For 5.14, 5.15, 5.17 and 5.19, these are all clean cherry-picks. Backports
for older kernel versions are in progress.

[Potential regression]
NFSD servers might misbehave.

Chuck Lever (8):
  SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation
  SUNRPC: Fix svcxdr_init_encode's buflen calculation
  NFSD: Protect against send buffer overflow in NFSv2 READDIR
  NFSD: Protect against send buffer overflow in NFSv3 READDIR
  NFSD: Protect against send buffer overflow in NFSv2 READ
  NFSD: Protect against send buffer overflow in NFSv3 READ
  NFSD: Remove "inline" directives on op_rsize_bop helpers
  NFSD: Cap rsize_bop result based on send buffer size

 fs/nfsd/nfs3proc.c         |  11 +--
 fs/nfsd/nfs4proc.c         | 169 ++++++++++++++++++++++---------------
 fs/nfsd/nfsproc.c          |   6 +-
 fs/nfsd/xdr4.h             |   3 +-
 include/linux/sunrpc/svc.h |  19 ++++-
 5 files changed, 125 insertions(+), 83 deletions(-)

-- 
2.34.1



