From patchwork Wed Dec 14 16:37:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thadeu Lima de Souza Cascardo X-Patchwork-Id: 1715849 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=ChvrXSg4; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4NXLdt40Yxz240J for ; Thu, 15 Dec 2022 03:38:25 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1p5Ull-0001fP-C2; Wed, 14 Dec 2022 16:38:09 +0000 Received: from smtp-relay-canonical-1.internal ([10.131.114.174] helo=smtp-relay-canonical-1.canonical.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1p5Ulk-0001fI-Ue for kernel-team@lists.ubuntu.com; Wed, 14 Dec 2022 16:38:08 +0000 Received: from localhost.localdomain (1.general.cascardo.us.vpn [10.172.70.58]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-1.canonical.com (Postfix) with ESMTPSA id EF52243591 for ; Wed, 14 Dec 2022 16:38:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1671035888; bh=Aqbe+rNCHnXPcAgCZm+dD+3CaZ5+bvwPptgRZghDmd8=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=ChvrXSg4haXe2j63+VkA9RlL8iYa2ruyvvKQzynvAHqOPxbR16aKJU90CyH8UDz2+ 5Pz8JFHHpXaO5UueacLTCg/0OR8jHuYq+r+fX2rMma9W5wZjN48Kpyx+xG/MsORkmY 9Q10DyzWNY0Sg7d9OQEanRKySncJ3upn4PCKCYrZEz13qqYDkE2WyRnxUP+NzP/1Kh bjcmwn/tBv0K3Q/rl62M4LMJl75jPxtZOC+XduJY9AIWuCSGiiL1mN8EUJkOSvZVyh evV/4tjC4zif5A7BTR62dpH29LO//8YykZr0nfBK+PtnXNOS4dFhjuTX9dxH5OjW1i henb15BExTBug== From: Thadeu Lima de Souza Cascardo To: kernel-team@lists.ubuntu.com Subject: [UBUNTU B,F 0/1] CVE-2022-43945 Date: Wed, 14 Dec 2022 13:37:19 -0300 Message-Id: <20221214163721.570055-1-cascardo@canonical.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" [Impact] A remote user may cause an out-of-bounds access on a NFS server. The other fixes for this vulnerability were either: 1) not applicable, since they were fixing newer commits not present on 5.4 or 4.15. 2) only affected NFSv2 or NFSv3, but those were mitigated by function nfs_request_too_big, which was removed around 5.8. [Testing] A smoke test was done by mounting a localhost NFS server using -o nfsvers=4. A PoC was built but did not manage to trigger any oops. [Potential regression] NFS servers might break. Chuck Lever (1): NFSD: Cap rsize_bop result based on send buffer size fs/nfsd/nfs4proc.c | 35 +++++++++++++++++++++-------------- 1 file changed, 21 insertions(+), 14 deletions(-) Acked-by: Tim Gardner Acked-by: Cengiz Can