CVE-2022-0812 An information leak flaw was found in NFS over RDMA in the Linux Kernel.

The information leak is caused by the lack of check if the passed client structure is in a valid state. An attacker can exploit this flaw to reveal information about the system or user process.

The flaw is present in the RPC_RDMA_Info() function when handling a client structure received over RDMA. This can be exploited by a remote attacker to perform information disclosure.

A remote attacker can exploit this flaw to perform information disclosure.

This issue was addressed by avoiding non-safe information leak routines.

A memory access flaw was found in the way NFS snoops the memory on behalf of the client. A remote attacker can exploit this flaw to cause a denial-of-service (DoS).

This issue was addressed by modifying NFS to not snoop the client’s memory.

An information leak flaw was found in the IP fragmentation implementation in the Linux kernel. An attacker can exploit this flaw to obtain potentially sensitive information.

This issue was addressed by not returning the contents of user memory.

An information leak flaw was found in the Linux kernel's implementation of the Virtual Private Network (VPN) protocol. An attacker could use this flaw to leak information about the system or user process.

This issue was addressed by preventing user memory from being shared between virtual machines.

An information leak was found in the Linux kernel’s implementation of the RCC API for telephony. An attacker could use this leak to

Linux kernel network implementation vulnerabilities CVE-2022-0812

The information leak is caused by the lack of check if the passed client structure is in a valid state. An attacker can exploit this flaw to reveal information about the system or user process.

The flaw is present in the RPC_RDMA_Info() function when handling a client structure received over RDMA. This can be exploited by a remote attacker to perform information disclosure.
A remote attacker can exploit this flaw to perform information disclosure.
This issue was addressed by avoiding non-safe information leak routines.
A memory access flaw was found in the way NFS snoops the memory on behalf of the client. A remote attacker can exploit this flaw to cause a denial-of-service (DoS).
This issue was addressed by modifying NFS to not snoop the client’s memory.
An information leak flaw was found in the IP fragmentation implementation in the Linux kernel. An attacker can exploit this flaw to obtain potentially sensitive information.
This issue was addressed by not returning the contents of user memory.
An information leak flaw was found in the Linux kernel's implementation of the Virtual Private Network (VPN) protocol. An attacker could use this flaw to leak information about the system or user process.
This issue was addressed by preventing user memory from being shared between virtual machines.
An information leak was found in the Linux kernel’s implementation of the RCC API for telephony. An attacker could use this

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe