Message ID | 20221214163721.570055-1-cascardo@canonical.com |
---|---|
Headers | show |
Series | CVE-2022-43945 | expand |
On 12/14/22 9:37 AM, Thadeu Lima de Souza Cascardo wrote: > [Impact] > A remote user may cause an out-of-bounds access on a NFS server. > > The other fixes for this vulnerability were either: > > 1) not applicable, since they were fixing newer commits not present > on 5.4 or 4.15. > 2) only affected NFSv2 or NFSv3, but those were mitigated by function > nfs_request_too_big, which was removed around 5.8. > > [Testing] > A smoke test was done by mounting a localhost NFS server using -o nfsvers=4. > > A PoC was built but did not manage to trigger any oops. > > [Potential regression] > NFS servers might break. > > Chuck Lever (1): > NFSD: Cap rsize_bop result based on send buffer size > > fs/nfsd/nfs4proc.c | 35 +++++++++++++++++++++-------------- > 1 file changed, 21 insertions(+), 14 deletions(-) > Acked-by: Tim Gardner <tim.gardner@canonical.com>
On Wed, 2022-12-14 at 13:37 -0300, Thadeu Lima de Souza Cascardo wrote: > Chuck Lever (1): > NFSD: Cap rsize_bop result based on send buffer size Acked-by: Cengiz Can <cengiz.can@canonical.com>
Applied to bionic:linux master-next Thanks! - Luke On Wed, Dec 14, 2022 at 8:39 AM Thadeu Lima de Souza Cascardo < cascardo@canonical.com> wrote: > [Impact] > A remote user may cause an out-of-bounds access on a NFS server. > > The other fixes for this vulnerability were either: > > 1) not applicable, since they were fixing newer commits not present > on 5.4 or 4.15. > 2) only affected NFSv2 or NFSv3, but those were mitigated by function > nfs_request_too_big, which was removed around 5.8. > > [Testing] > A smoke test was done by mounting a localhost NFS server using -o > nfsvers=4. > > A PoC was built but did not manage to trigger any oops. > > [Potential regression] > NFS servers might break. > > Chuck Lever (1): > NFSD: Cap rsize_bop result based on send buffer size > > fs/nfsd/nfs4proc.c | 35 +++++++++++++++++++++-------------- > 1 file changed, 21 insertions(+), 14 deletions(-) > > -- > 2.34.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team >