CVE-2022-43945 in Linux
Summary
by MITRE • 11/04/2022
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 is vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Analysis
by VulDB Data Team • 06/19/2025
The vulnerability identified as CVE-2022-43945 is a critical buffer overflow in the Linux kernel's Network File System Daemon (NFSD) implementation. It affects kernels prior to 5.19.17 and 6.0.2, where NFSD's handling of RPC messages can be driven into an out-of-bounds write by carefully crafted network traffic. The flaw stems from improper buffer management when processing RPC requests received over TCP, specifically in how NFSD tracks the memory pages that back each thread's receive and send buffers.
The triggering mechanism is a client sending an RPC message over TCP with garbage data appended, which causes the send buffer to shrink unexpectedly. The padded message is still well-formed according to the RPC specification, so it passes validation and is handed to the handlers as a legitimate request. Because NFSD combines the receive and send buffers into a single array of pages, an oversized request consumes pages that the reply path assumes are still free; the buffer size calculation is then wrong, and when the server processes the request it writes beyond the allocated buffer boundary. The result is memory corruption that can cause system instability or potential privilege escalation.
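The shared page-array accounting described above, as a simplified model added for this page (it is not code from the Linux kernel, NFSD or VulDB): the page and payload sizes, `struct rpc_thread` and every function name are invented for the model. It shows why a reply encoder that bounds a READ only by the nominal maximum payload can run past the array once a padded request has consumed part of it, and the clamp against the space actually remaining that a hardened encoder applies.

```c
/* Simplified model of the shared receive/send page accounting discussed in
 * the analysis.  Added illustration for this page: not code from the Linux
 * kernel, NFSD or VulDB.  The sizes, struct rpc_thread and every function
 * name below are invented for the model. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MODEL_PAGE_SIZE    4096u
#define MODEL_MAX_PAYLOAD  (1024u * 1024u)  /* assumed largest RPC payload in one direction */
/* One page array per thread, sized for a single maximum payload plus slack,
 * and shared by the received request and the reply being built. */
#define MODEL_THREAD_PAGES ((MODEL_MAX_PAYLOAD / MODEL_PAGE_SIZE) + 3)

struct rpc_thread {
    size_t total_pages;    /* pages the thread owns; request and reply share them */
    size_t request_pages;  /* pages already occupied by the received request */
};

void thread_init(struct rpc_thread *t) {
    t->total_pages = MODEL_THREAD_PAGES;
    t->request_pages = 0;
}

/* The transport places the whole TCP record in the thread's pages, so any
 * trailing bytes the client appended count against the same array. */
void receive_request(struct rpc_thread *t, size_t wire_len) {
    t->request_pages = (wire_len + MODEL_PAGE_SIZE - 1) / MODEL_PAGE_SIZE;
}

/* Bytes genuinely left for the reply once the request's pages are excluded. */
size_t reply_space_bytes(const struct rpc_thread *t) {
    if (t->request_pages >= t->total_pages)
        return 0;
    return (t->total_pages - t->request_pages) * MODEL_PAGE_SIZE;
}

/* Vulnerable pattern: the encoder bounds the client's requested READ count
 * only by the maximum payload and assumes the full send buffer is there. */
size_t unchecked_reply_len(const struct rpc_thread *t, size_t requested) {
    (void)t;  /* the thread's real free space is never consulted */
    return requested > MODEL_MAX_PAYLOAD ? MODEL_MAX_PAYLOAD : requested;
}

/* Hardened pattern: also clamp to the space that actually remains. */
size_t checked_reply_len(const struct rpc_thread *t, size_t requested) {
    size_t len = unchecked_reply_len(t, requested);
    size_t avail = reply_space_bytes(t);
    return len < avail ? len : avail;
}

/* True when writing reply_len bytes would run past the end of the page array. */
bool would_overflow(const struct rpc_thread *t, size_t reply_len) {
    return reply_len > reply_space_bytes(t);
}

/* Convenience wrappers: receive a request of wire_len bytes, then ask for a
 * maximum-size READ reply under each pattern. */
bool unchecked_read_overflows(size_t wire_len) {
    struct rpc_thread t;
    thread_init(&t);
    receive_request(&t, wire_len);
    return would_overflow(&t, unchecked_reply_len(&t, MODEL_MAX_PAYLOAD));
}

size_t checked_read_len(size_t wire_len) {
    struct rpc_thread t;
    thread_init(&t);
    receive_request(&t, wire_len);
    return checked_reply_len(&t, MODEL_MAX_PAYLOAD);
}

int main(void) {
    /* Constructed inputs: a small, normal request, and the same request with
     * about 512 KiB of trailing bytes that the RPC layer does not reject. */
    size_t wire_lens[] = { 256, 4096 + 512 * 1024 };
    for (size_t i = 0; i < sizeof wire_lens / sizeof wire_lens[0]; i++) {
        struct rpc_thread t;
        thread_init(&t);
        receive_request(&t, wire_lens[i]);
        printf("request %zu bytes: %zu of %zu pages used, %zu reply bytes free; "
               "unchecked max READ %s, checked READ clamped to %zu bytes\n",
               wire_lens[i], t.request_pages, t.total_pages, reply_space_bytes(&t),
               unchecked_read_overflows(wire_lens[i]) ? "OVERFLOWS" : "fits",
               checked_read_len(wire_lens[i]));
    }
    return 0;
}
```

The model reduces everything to page counts and never touches real memory; the point to carry over is that the reply encoder has to consult the space actually remaining in the shared array rather than the nominal maximum payload, because the request side of that array is under the client's control.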
The operational impact extends beyond simple denial of service, as the buffer overflow condition can potentially allow attackers to execute arbitrary code with kernel privileges. This is a significant risk for systems relying on NFS services, particularly in enterprise environments where network file sharing is prevalent. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H), with low attack complexity and no user interaction required, indicates that the vulnerability is highly exploitable in real-world scenarios. Systems running affected kernel versions are at risk of complete compromise, with potential for data exfiltration, system takeover, or persistent backdoor installation.
Mitigation should focus on updating the kernel to 5.19.17 or 6.0.2 (or later), which contain the patches for the buffer overflow condition. Network administrators should also add monitoring and intrusion detection to identify potential exploitation attempts, particularly malformed RPC messages carrying trailing data. The vulnerability aligns with CWE-121, which covers stack-based buffer overflow conditions, and may map to ATT&CK technique T1059.001 for command and scripting interpreter usage. Organizations should also consider network segmentation and access controls around NFS services, as well as regular security assessments to identify other potential vulnerabilities in their network infrastructure.