retired/CVE-2022-4379


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

Description: NFSD: fix use-after-free in __nfs42_ssc_open()
References:
 https://www.openwall.com/lists/oss-security/2022/12/14/3
 https://lore.kernel.org/all/1670885411-10060-1-git-send-email-dai.ngo@oracle.com/
Notes:
 carnil> Fixed in 6.1.3 as well for 6.1.y.
 bwh> The vulnerable code is conditional on CONFIG_NFSD_V4_2_INTER_SSC
 bwh> which we don't yet enable.
Bugs:
upstream: released (6.2-rc1) [75333d48f92256a0dec91dbf07835e804fc411c0]
5.10-upstream-stable: released (5.10.177) [01e4c9c03de8a9f8839cb7342bc4bccf9104efe5]
4.19-upstream-stable: N/A "Vulnerable code introduced later"
sid: released (6.1.4-1)
5.10-bullseye-security: released (5.10.178-1)
4.19-buster-security: N/A "Vulnerable code introduced later"