Linux Kernel NFSD NFSv3 READ Buffer Overflow Vulnerability

Vulnerability

A vulnerability in the Linux kernel's Network File System (NFS) version 3 server implementation (NFSD) can lead to a send buffer overflow. NFSD carves the receive and send buffers out of a single array of pages, so an excessively large RPC Call header takes pages away from the send buffer and shrinks it. The shrunken send buffer can then no longer hold a reply carrying the maximum payload size. This vulnerability affects the Linux kernel's stable releases.
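The arithmetic behind the shrinking send buffer, as an added C model that is not kernel code and not part of the original advisory. The page size, pool size, payload limit, header allowance and all function names are constructed assumptions, and the checked variant illustrates the kind of bound that is missing, not the actual kernel patch.

```c
#include <stdint.h>
#include <stdio.h>

/* All values and names below are constructed for illustration. */
#define PAGE_SZ     4096u              /* assumed page size */
#define POOL_PAGES  258u               /* pages shared by receive and send */
#define MAX_PAYLOAD (1024u * 1024u)    /* maximum READ payload */
#define REPLY_HDR   256u               /* allowance for the reply header */

/* Bytes left for the reply after the received record took its pages. */
static uint32_t send_capacity(uint32_t record_len)
{
    uint32_t used = (record_len + PAGE_SZ - 1) / PAGE_SZ;
    return used >= POOL_PAGES ? 0 : (POOL_PAGES - used) * PAGE_SZ;
}

/* Weak form: bounds the READ count by the payload limit only. */
static uint32_t read_count_unchecked(uint32_t requested)
{
    return requested < MAX_PAYLOAD ? requested : MAX_PAYLOAD;
}

/* Hardened form: also bounds it by what the send buffer can still hold. */
static uint32_t read_count_checked(uint32_t requested, uint32_t record_len)
{
    uint32_t cap = send_capacity(record_len);
    uint32_t room = cap > REPLY_HDR ? cap - REPLY_HDR : 0;
    uint32_t n = read_count_unchecked(requested);
    return n < room ? n : room;
}

/* 1 if header plus payload fits in the send buffer, 0 if it would overflow. */
static int reply_fits(uint32_t payload, uint32_t record_len)
{
    return (uint64_t)payload + REPLY_HDR <= send_capacity(record_len);
}

int main(void)
{
    uint32_t lens[] = { 200u, 65536u };  /* constructed record sizes */
    for (int i = 0; i < 2; i++) {
        uint32_t u = read_count_unchecked(MAX_PAYLOAD);
        uint32_t c = read_count_checked(MAX_PAYLOAD, lens[i]);
        printf("record=%u cap=%u unchecked fits=%d checked=%u fits=%d\n",
               (unsigned)lens[i], (unsigned)send_capacity(lens[i]),
               reply_fits(u, lens[i]), (unsigned)c, reply_fits(c, lens[i]));
    }
    return 0;
}
```

With the small record the maximum payload fits either way; with the large record only the count bounded by the remaining send capacity fits.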

Impact

Exploitation of this vulnerability can cause a buffer overflow in the NFSv3 READ operation, potentially leading to memory corruption or other undefined behavior.

Reproduction

To reproduce this vulnerability, send over TCP a correctly formed RPC Call header within an RPC record that exceeds the maximum payload size. This will cause the send buffer to shrink improperly, creating a buffer overflow condition.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed.

Added: Sep 16, 2025, 6:25 PM
Updated: Sep 16, 2025, 6:25 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.