SB20250226722 - Buffer overflow in Linux kernel sunrpc xprtrdma
Published: February 26, 2025 Updated: May 11, 2025
Security Bulletin ID
SB20250226722
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2022-49356)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the svc_rdma_build_writes() function in net/sunrpc/xprtrdma/svc_rdma_rw.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/659f7568e09593945c221bf20217a82ebdfe1328
- https://git.kernel.org/stable/c/812c13521d4a72469c78ce06d8cdc8dc5b5557b5
- https://git.kernel.org/stable/c/ea26bf5eca1459b5a7824997d7823409ce38214e
- https://git.kernel.org/stable/c/f012e95b377c73c0283f009823c633104dedb337
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.47
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.15
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19