APPLIED: [SRU J/K/HWE-5.17 0/8] CVE-2022-43945 - NFSD buffer overflow
Stefan Bader
stefan.bader at canonical.com
Wed Nov 16 09:49:16 UTC 2022
On 11.11.22 14:48, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> A malicious client can cause a buffer overflow on the nfsd server by sending
> a crafted RPC message.
>
> [Backport]
> For 5.14, 5.15, 5.17 and 5.19, these are all clean cherry-picks. Backports
> for older kernel versions are in progress.
>
> [Potential regression]
> NFSD servers might misbehave.
>
> Chuck Lever (8):
> SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation
> SUNRPC: Fix svcxdr_init_encode's buflen calculation
> NFSD: Protect against send buffer overflow in NFSv2 READDIR
> NFSD: Protect against send buffer overflow in NFSv3 READDIR
> NFSD: Protect against send buffer overflow in NFSv2 READ
> NFSD: Protect against send buffer overflow in NFSv3 READ
> NFSD: Remove "inline" directives on op_rsize_bop helpers
> NFSD: Cap rsize_bop result based on send buffer size
>
> fs/nfsd/nfs3proc.c | 11 +--
> fs/nfsd/nfs4proc.c | 169 ++++++++++++++++++++++---------------
> fs/nfsd/nfsproc.c | 6 +-
> fs/nfsd/xdr4.h | 3 +-
> include/linux/sunrpc/svc.h | 19 ++++-
> 5 files changed, 125 insertions(+), 83 deletions(-)
>
Applied to kinetic,jammy:linux/master-next and
jammy:linux-hwe-5.17/hwe-5.17-next. Note that for Kinetic, patches 1-6 were
already applied from the latest stable. They appeared to be the same as in this
submission, so only patches 7 and 8 were applied on top. Thanks.
-Stefan