Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From ELSA-2022-0896:
[2.28-164.0.5.3]
- Merge external errata patches.
- Siddhesh Poyarekar - 2.28-164.3
- CVE-2021-3999: getcwd: align stack on clone in aarch64 and fix a memory leak (#2032280)
- Siddhesh Poyarekar - 2.28-164.2
- CVE-2022-23218, CVE-2022-23219: Fix buffer overflows in sunrpc clnt_create for 'unix' and svcunix_create (#2045062).
- Siddhesh Poyarekar - 2.28-164.1
- CVE-2021-3999: getcwd: Set errno to ERANGE for size == 1 (#2032280)
- Reviewed-by: Elena Zannoni