CVE-2022-43945: CWE-131: Incorrect Calculation of Buffer Size in linux linux_kernel
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 is vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Analysis
Technical Summary
CVE-2022-43945 is a high-severity vulnerability affecting the Linux kernel's Network File System daemon (NFSD) implementation prior to versions 5.19.17 and 6.0.2. The vulnerability arises from an incorrect calculation of buffer size (CWE-131) in the NFSD code that manages the receive and send buffers of remote procedure calls (RPC) over TCP. Specifically, NFSD tracks the number of memory pages held by each NFSD thread by combining the receive and send buffers into a single array. A malicious client can exploit this by sending a correctly formed RPC message that includes additional garbage data appended at the end. Although the message conforms to the RPC specification, the NFSD code does not anticipate the oversized request and consequently writes beyond the allocated buffer space, causing a buffer overflow. This overflow impacts the availability of the system, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), meaning the attack can be performed remotely over the network without privileges or user interaction, and it results in denial of service (availability impact) without affecting confidentiality or integrity. No known exploits are currently reported in the wild. The vulnerability is mitigated by upgrading the Linux kernel to versions 5.19.17, 6.0.2, or later, where the buffer size calculation and handling have been corrected to prevent overflow.
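To make the page-accounting flaw concrete, the following C is an added, constructed model of the shared page pool the description refers to; it is not Linux kernel code, and the names (rq_model, THREAD_PAGES, reply_len_vulnerable, reply_len_fixed) and the pool and page sizes are chosen for the illustration. It contrasts a reply sized only from the protocol maximum with one clamped to the pages actually left after the request was received.

```c
#include <stdint.h>

/* Constructed model, not kernel code: each NFSD thread owns one fixed pool
 * of pages shared by the RPC receive buffer and the reply (send) buffer. */
#define PAGE_BYTES   4096u
#define THREAD_PAGES 8u      /* pool size chosen for the model */

struct rq_model {
    uint32_t send_buflen;  /* bytes left for the reply after receiving */
};

static uint32_t pages_for(uint32_t bytes)
{
    return (bytes + PAGE_BYTES - 1) / PAGE_BYTES;
}

/* The request consumes pages first; whatever remains is the send buffer, so
 * trailing garbage on the request shrinks the reply space. -1 if no room. */
static int rq_setup(struct rq_model *rq, uint32_t recv_bytes)
{
    uint32_t recv_pages = pages_for(recv_bytes);
    if (recv_pages > THREAD_PAGES)
        return -1;
    rq->send_buflen = (THREAD_PAGES - recv_pages) * PAGE_BYTES;
    return 0;
}

/* Vulnerable pattern (CWE-131): the READ reply is sized only from the
 * protocol's maximum payload, ignoring how much of the pool is left. */
static uint32_t reply_len_vulnerable(const struct rq_model *rq,
                                     uint32_t count, uint32_t max_payload)
{
    (void)rq;
    return count < max_payload ? count : max_payload;
}

/* Hardened pattern: also clamp to the bytes actually left for sending. */
static uint32_t reply_len_fixed(const struct rq_model *rq,
                                uint32_t count, uint32_t max_payload)
{
    uint32_t lim = max_payload < rq->send_buflen ? max_payload : rq->send_buflen;
    return count < lim ? count : lim;
}

/* 1 if writing reply_len bytes would run past the send buffer. */
static int reply_overruns(const struct rq_model *rq, uint32_t reply_len)
{
    return reply_len > rq->send_buflen;
}
```

With a 20 KB padded request the pool has only three pages left, so the unclamped reply overruns while the clamped one does not.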
Potential Impact
For European organizations, the impact of this vulnerability primarily concerns service availability and operational continuity. Systems running vulnerable Linux kernels with NFSD enabled are susceptible to remote denial-of-service attacks that can crash or destabilize critical network file services. This can disrupt file sharing and storage services, impacting business operations, especially in sectors relying heavily on Linux-based infrastructure such as telecommunications, cloud service providers, research institutions, and government agencies. While the vulnerability does not directly compromise data confidentiality or integrity, the resulting service outages could lead to indirect impacts such as loss of productivity, delayed services, and potential cascading failures in dependent systems. Given the remote and unauthenticated nature of the exploit, attackers can launch denial-of-service attacks without needing access credentials, increasing the risk of opportunistic or targeted disruptions.
Mitigation Recommendations
European organizations should prioritize patching affected Linux kernel versions by upgrading to 5.19.17, 6.0.2, or later releases where the vulnerability is fixed. In environments where immediate patching is not feasible, organizations can mitigate risk by disabling the NFSD service if it is not required, thereby eliminating the attack surface. Network-level protections such as firewall rules should be configured to restrict or monitor incoming RPC traffic over TCP to trusted clients only. Intrusion detection and prevention systems (IDS/IPS) should be updated to detect anomalous RPC messages with oversized payloads. Additionally, organizations should implement robust network segmentation to isolate critical NFSD servers and monitor logs for unusual RPC activity. Regular vulnerability scanning and kernel version audits will help identify and remediate vulnerable systems promptly.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: SNPS
- Date Reserved: 2022-10-26T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d9838c4522896dcbec5d9
Added to database: 5/21/2025, 9:09:12 AM
Last enriched: 7/2/2025, 1:10:40 AM
Last updated: 7/31/2025, 10:35:25 PM