What is CVE-2022-43945?

CVE-2022-43945 is a high-severity vulnerability in Linux Linux_kernel, classified under Incorrect Calculation of Buffer Size. CVSS score: 7.5/10. Published 2022-11-04.

How severe is CVE-2022-43945?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2022-43945 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Resource exhaustion in Linux Linux_kernel

CVE-2022-43945

The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC)…

EPSS: 0.002 (45.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

disclosure@synopsys.com (Patch, Mailing List, Vendor Advisory)
disclosure@synopsys.com (Third Party Advisory)
disclosure@synopsys.com
0b142b55-0307-4c5a-b3c9-f314f3fb7c5e

Frequently asked questions

What is CVE-2022-43945?: CVE-2022-43945 is a high-severity vulnerability in Linux Linux_kernel, classified under Incorrect Calculation of Buffer Size. CVSS score: 7.5/10. Published 2022-11-04.
How severe is CVE-2022-43945?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2022-43945 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.