CVE-2022-47940

Опубликовано: 22 дек. 2022

Источник: redhat

CVSS3: 8.1

Описание

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write.

Отчет

There was no shipped kernel version that was seen affected by this problem. These files are not built in our source code. See https://access.redhat.com/solutions/6991749 for more information.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Not affected
Red Hat Enterprise Linux 9	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=2155944kernel: smb2_write() fails to validate user supplied data which can result in out-of-bounds read

8.1 High

CVSS3

Связанные уязвимости

CVE-2022-47940

CVSS3: 8.1

ubuntu

около 3 лет назад

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write.

CVE-2022-47940

CVSS3: 8.1

nvd

около 3 лет назад

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write.

CVE-2022-47940

CVSS3: 8.1

msrc

около 3 лет назад

Описание отсутствует

CVE-2022-47940

CVSS3: 8.1

debian

около 3 лет назад

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 ...

GHSA-7q73-76jf-54wg

CVSS3: 8.1

github

около 3 лет назад

An issue was discovered in ksmbd in the Linux kernel before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write.

8.1 High

CVSS3