PT-2022-3554 · Unknown+6 · Cifs-Utils+6

Jeffrey Bencteux · Published 2022-04-27 · Updated 2025-08-29 · CVE-2022-27239

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

cifs-utils versions through 6.14

Description

A stack-based buffer overflow occurs when mount.cifs parses the ip= command-line argument. The resulting memory corruption could allow local attackers to gain root privileges.

Recommendations

For versions through 6.14, consider restricting the use of the mount.cifs command with the ip= argument until a patch is available. As a temporary workaround, avoid using the ip= command-line argument in mount.cifs to minimize the risk of exploitation.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2022-2522
ALT-PU-2022-2563
ALT-PU-2022-2576
AZL-9587
BDU:2022-04338
CVE-2022-27239
DLA-3009-1
DSA-5157-1
MGASA-2022-0170
OESA-2022-1626
OPENSUSE-SU-2022_1430-1
OPENSUSE-SU-2022_2378-1
OPENSUSE-SU-2024:12087-1
SUSE-SU-2022:1427-1
SUSE-SU-2022:1428-1
SUSE-SU-2022:1429-1
SUSE-SU-2022:1430-1
SUSE-SU-2022:14950-1
SUSE-SU-2022:14951-1
SUSE-SU-2022:2378-1
SUSE-SU-2022_1427-1
SUSE-SU-2022_1428-1
SUSE-SU-2022_1429-1
SUSE-SU-2022_1430-1
SUSE-SU-2022_14951-1
SUSE-SU-2022_2378-1
USN-5459-1
USN-7688-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Red Os
Suse
Ubuntu
Cifs-Utils