PT-2022-6039 · Linux+2 · Linux Kernel+2

Arnaud Gatignol

Published

2022-07-31

Updated

2023-05-16

CVE-2022-47941

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions 5.15 through 5.19 before 5.19.2

Description An issue was discovered in ksmbd in the Linux kernel, related to a memory leak due to the omission of a kfree call in certain smb2 handle negotiate error conditions. This can be exploited by a remote attacker to cause a denial-of-service when handling SMB2 NEGOTIATE requests. The vulnerable code is located in fs/ksmbd/smb2pdu.c.

Recommendations For Linux kernel versions 5.15 through 5.19 before 5.19.2, update to version 5.19.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the smb2 handle negotiate function to minimize the risk of exploitation.

Fix

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

ALT-PU-2022-2453

ALT-PU-2022-2454

ALT-PU-2022-2474

ALT-PU-2022-2497

ALT-PU-2022-2682

ALT-PU-2022-2692

ALT-PU-2022-2915

ALT-PU-2022-2919

AZL-12096

BDU:2022-07503

CVE-2022-47941

OESA-2023-1012

ZDI-22-1687

Affected Products

Alt Linux

Astra Linux

Linux Kernel

PT-2022-6039 · Linux+2 · Linux Kernel+2

CVE-2022-47941

Weakness Enumeration

Related Identifiers

Affected Products

References · 33