CVE-2022-43945: 
Linux Kernel vulnerability analysis and mitigation

The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 contains a buffer overflow vulnerability (CVE-2022-43945). NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages (CVE Details).

The vulnerability occurs when a client sends an RPC message over TCP with garbage data added at the end of the message. While the RPC message with garbage data is correctly formed according to the specification and is passed forward to handlers, the vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

Successful exploitation of this vulnerability could lead to a Denial of Service (DoS) condition. A client can force the send buffer to shrink, potentially causing the system to crash or become unresponsive (NetApp Advisory).

The vulnerability has been fixed in Linux kernel versions 5.19.17 and 6.0.2 and later. Users should upgrade to these versions or apply appropriate vendor-provided patches. The fix was implemented through a kernel commit that addresses the buffer overflow issue (Kernel Patch).