CVE-2022-47938
CVE-2022-47938
In short
A flaw in the Linux kernel's ksmbd file server allows an attacker to crash the system by sending a specially crafted file sharing request, potentially causing downtime and denial of service.
Technical detail
An out-of-bounds read vulnerability in fs/ksmbd/smb2misc.c during SMB2_TREE_CONNECT processing allows unauthenticated or local attackers to trigger a kernel panic (OOPS) by providing malformed SMB protocol packets; affects kernel versions 5.15 through 5.19 before 5.19.2.
Summary generated and translated by AI from the official description.
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2https://github.com/torvalds/linux/commit/824d4f64c20093275f72fc8101394d75ff6a249ehttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=824d4f64c20093275f72fc8101394d75ff6a249ehttps://www.zerodayinitiative.com/advisories/ZDI-22-1689/http://www.openwall.com/lists/oss-security/2022/12/23/10