Refine your search
2 vulnerabilities found for linux_kernel by linux
CVE-2022-43945 (GCVE-0-2022-43945)
Vulnerability from cvelistv5
Published
2022-11-04 00:00
Modified
2025-05-01 19:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-131 - Incorrect Calculation of Buffer Size
Summary
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| linux | linux_kernel |
Version: < 6.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:40:06.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f90497a16e434c2211c66e3de8e77b17868382b8"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221215-0006/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T19:08:01.476613Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T19:08:43.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "\u003c 6.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "CWE-131: Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-08T00:00:00.000Z",
"orgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"shortName": "SNPS"
},
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f90497a16e434c2211c66e3de8e77b17868382b8"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221215-0006/"
},
{
"url": "http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"assignerShortName": "SNPS",
"cveId": "CVE-2022-43945",
"datePublished": "2022-11-04T00:00:00.000Z",
"dateReserved": "2022-10-26T00:00:00.000Z",
"dateUpdated": "2025-05-01T19:08:43.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3016 (GCVE-0-2019-3016)
Vulnerability from cvelistv5
Published
2020-01-31 19:50
Modified
2024-09-30 15:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| linux | linux_kernel |
Version: 4.10 to 5.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20200130 CVE-2019-3016: information leak within a KVM guest",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/30/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lore.kernel.org/lkml/1580407316-11391-1-git-send-email-pbonzini%40redhat.com/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1792167"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/linus/8c6de56a42e0c657955e12b882a81ef07d1d073e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/linus/1eff70a9abd46f175defafd29bc17ad456f398a7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/linus/917248144db5d7320655dbb41d3af0b8a0f3d589"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/linus/b043138246a41064527cf019a3d51d9f015e9796"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/linus/a6bd811f1209fe1c64c9f6fd578101d6436c6b6e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200313-0003/"
},
{
"name": "USN-4300-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4300-1/"
},
{
"name": "USN-4301-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4301-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html"
},
{
"name": "DSA-4699",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4699"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-3016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T15:00:50.015330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T15:47:55.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "4.10 to 5.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-10T19:06:37.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "[oss-security] 20200130 CVE-2019-3016: information leak within a KVM guest",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/30/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lore.kernel.org/lkml/1580407316-11391-1-git-send-email-pbonzini%40redhat.com/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1792167"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/linus/8c6de56a42e0c657955e12b882a81ef07d1d073e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/linus/1eff70a9abd46f175defafd29bc17ad456f398a7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/linus/917248144db5d7320655dbb41d3af0b8a0f3d589"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/linus/b043138246a41064527cf019a3d51d9f015e9796"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/linus/a6bd811f1209fe1c64c9f6fd578101d6436c6b6e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200313-0003/"
},
{
"name": "USN-4300-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4300-1/"
},
{
"name": "USN-4301-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4301-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html"
},
{
"name": "DSA-4699",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4699"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-3016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "linux_kernel",
"version": {
"version_data": [
{
"version_value": "4.10 to 5.6"
}
]
}
}
]
},
"vendor_name": "linux"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.2/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20200130 CVE-2019-3016: information leak within a KVM guest",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/01/30/4"
},
{
"name": "https://lore.kernel.org/lkml/1580407316-11391-1-git-send-email-pbonzini@redhat.com/",
"refsource": "CONFIRM",
"url": "https://lore.kernel.org/lkml/1580407316-11391-1-git-send-email-pbonzini@redhat.com/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1792167",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1792167"
},
{
"name": "https://git.kernel.org/linus/8c6de56a42e0c657955e12b882a81ef07d1d073e",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/linus/8c6de56a42e0c657955e12b882a81ef07d1d073e"
},
{
"name": "https://git.kernel.org/linus/1eff70a9abd46f175defafd29bc17ad456f398a7",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/linus/1eff70a9abd46f175defafd29bc17ad456f398a7"
},
{
"name": "https://git.kernel.org/linus/917248144db5d7320655dbb41d3af0b8a0f3d589",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/linus/917248144db5d7320655dbb41d3af0b8a0f3d589"
},
{
"name": "https://git.kernel.org/linus/b043138246a41064527cf019a3d51d9f015e9796",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/linus/b043138246a41064527cf019a3d51d9f015e9796"
},
{
"name": "https://git.kernel.org/linus/a6bd811f1209fe1c64c9f6fd578101d6436c6b6e",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/linus/a6bd811f1209fe1c64c9f6fd578101d6436c6b6e"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200313-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200313-0003/"
},
{
"name": "USN-4300-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4300-1/"
},
{
"name": "USN-4301-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4301-1/"
},
{
"name": "http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html"
},
{
"name": "DSA-4699",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4699"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-3016",
"datePublished": "2020-01-31T19:50:14.000Z",
"dateReserved": "2018-12-14T00:00:00.000Z",
"dateUpdated": "2024-09-30T15:47:55.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}