PT-2022-6028 · Linux+4 · Linux Kernel+4

Published

2022-06-29

·

Updated

2024-08-21

·

CVE-2022-47940

CVSS v2.0

8.5

High

VectorAV:N/AC:L/Au:S/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions 5.15 through 5.18 before 5.18.18
Description The issue is related to a lack of length validation in the smb2 write function in the fs/ksmbd/smb2pdu.c module of the Linux kernel, which can lead to a buffer overflow in memory. This can allow a remote attacker to disclose protected information or cause a denial of service.
Recommendations For Linux kernel versions 5.15 through 5.18 before 5.18.18, update to version 5.18.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the smb2 write function in the fs/ksmbd/smb2pdu.c module until a patch is available.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2022-2148
ALT-PU-2022-2149
ALT-PU-2022-2915
ALT-PU-2022-2919
ALT-PU-2023-1684
ALT-PU-2023-1741
AZL-12095
AZL-12931
BDU:2022-07480
CVE-2022-47940
OESA-2023-1035
OESA-2023-1036
ROSA-SA-2023-2189
USN-5851-1
USN-5860-1
USN-5876-1
USN-5877-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Ubuntu