PT-2022-3538 · Unknown+5 · Cifs-Utils+5
Jeffrey Bencteux · Published 2022-04-27 · Updated 2025-08-07 · CVE-2022-29869
CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
cifs-utils versions through 6.14
Description
The issue is related to an information leak when a file contains = (equal sign) characters but is not a valid credentials file, particularly with verbose logging enabled. This can potentially allow a remote attacker to disclose protected information.
Recommendations
For versions through 6.14, consider disabling verbose logging as a temporary workaround until a patch is available. Restrict access to files that may contain = characters to minimize the risk of exploitation. Avoid using files with = characters in their content for credential purposes until the issue is resolved.
Fix
Memory Corruption
Insertion into Log File
Exposure of Resource to Wrong Sphere
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Suse
Ubuntu
Cifs-Utils