ACK: [UBUNTU OEM-6.0 0/2] CVE-2022-43945

Tim Gardner tim.gardner at canonical.com
Sun Jan 29 15:51:24 UTC 2023


On 1/27/23 11:32, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> A malicious client can cause a buffer overflow on the nfsd server by sending
> a crafted RPC message.
> 
> [Backport]
> Missing two commits on 6.0 that were already applied to other kernels.
> 
> [Potential regression]
> NFSD servers might misbehave.
> 
> Chuck Lever (2):
>    NFSD: Remove "inline" directives on op_rsize_bop helpers
>    NFSD: Cap rsize_bop result based on send buffer size
> 
>   fs/nfsd/nfs4proc.c | 169 ++++++++++++++++++++++++++-------------------
>   fs/nfsd/xdr4.h     |   3 +-
>   2 files changed, 101 insertions(+), 71 deletions(-)
> 
Acked-by: Tim Gardner <tim.gardner at canonical.com>
-- 
-----------
Tim Gardner
Canonical, Inc




More information about the kernel-team mailing list