PT-2022-6048 · Linux+2 · Linux Kernel+2

Arnaud Gatignol

Published

2022-07-31

Updated

2023-05-16

CVE-2022-47943

CVSS v2.0

8.5

High

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions 5.15 through 5.19 before 5.19.2

Description The issue is related to the smb2 write function in the ksmbd module of the Linux kernel, which is vulnerable to an out-of-bounds read in memory. This can allow a remote attacker to disclose protected information or cause a denial of service. The vulnerability occurs when there is a large length in the zero DataOffset case for SMB2 WRITE.

Recommendations For Linux kernel versions 5.15 through 5.19 before 5.19.2, update to version 5.19.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the ksmbd module or disabling the smb2 write function until a patch is available.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2022-2453

ALT-PU-2022-2470

ALT-PU-2022-2487

ALT-PU-2022-2497

ALT-PU-2022-2682

ALT-PU-2022-2692

ALT-PU-2022-2915

ALT-PU-2022-2919

AZL-12109

BDU:2022-07512

CVE-2022-47943

OESA-2023-1035

OESA-2023-1036

ZDI-22-1691

Affected Products

Alt Linux

Astra Linux

Linux Kernel

PT-2022-6048 · Linux+2 · Linux Kernel+2

CVE-2022-47943

Weakness Enumeration

Related Identifiers

Affected Products

References · 49