CVE-2019-10220

CVSS 8 HIGH · EPSS 5.1% · CWE-22
In short

The Linux kernel's CIFS (file sharing protocol) implementation has a flaw that allows attackers to manipulate directory paths, potentially accessing files they shouldn't be able to reach. This happens when the system doesn't properly validate relative paths in file listings.

Technical detail

The Linux kernel's CIFS client (v4.9.0) does not properly sanitize relative path components in directory entry lists. This path traversal flaw allows an attacker with access to a malicious CIFS server to traverse the directory structure and read or write arbitrary files on the client system.

Summary generated and translated by AI from the official description.
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
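
The kind of check this flaw calls for, as an added example that is not the kernel's code or its fix: a client treats every name in a server-supplied directory listing as untrusted and accepts only a single path component. The `listing_entry` struct, the function names, the rejection policy and the sample listing are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical shape of one entry in a listing received from a file server. */
struct listing_entry {
    const char *name;
    size_t len;               /* length reported by the server, untrusted */
};

/* Return 1 only if the name is one plain path component. */
int entry_name_is_safe(const char *name, size_t len)
{
    if (name == NULL || len == 0)
        return 0;
    /* A separator lets one "entry" address a different directory.
     * Backslash is checked too because it is the SMB path separator. */
    if (memchr(name, '/', len) || memchr(name, '\\', len))
        return 0;
    /* An embedded NUL makes the reported length disagree with the C string. */
    if (memchr(name, '\0', len))
        return 0;
    /* Policy assumed here: "." and ".." are never taken from the server. */
    if (name[0] == '.' && (len == 1 || (len == 2 && name[1] == '.')))
        return 0;
    return 1;
}

/* Count accepted entries and report rejected ones on stderr. */
size_t count_safe_entries(const struct listing_entry *e, size_t n)
{
    size_t ok = 0;
    for (size_t i = 0; i < n; i++) {
        if (entry_name_is_safe(e[i].name, e[i].len))
            ok++;
        else
            fprintf(stderr, "rejected entry %zu (len %zu)\n", i, e[i].len);
    }
    return ok;
}

/* Constructed sample listing: two ordinary names, four that must be refused. */
static const struct listing_entry sample_listing[] = {
    {"notes.txt", 9}, {"..", 2}, {"../outside", 10},
    {"sub\\file", 8}, {"a\0b", 3}, {"data.bin", 8},
};
#define SAMPLE_COUNT (sizeof sample_listing / sizeof sample_listing[0])

int main(void)
{
    printf("%zu of %zu entries accepted\n",
           count_safe_entries(sample_listing, SAMPLE_COUNT), SAMPLE_COUNT);
    return 0;
}
```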
Affected products
SUSE · kernel:
