Multiple vulnerabilities in Linux kernel ksmbd



Published: 2022-12-26
Risk Medium
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2022-47943
CVE-2022-47938
CVE-2022-47942
CVE-2022-47941
CWE-ID CWE-125
CWE-122
CWE-401
Exploitation vector Network
Public exploit N/A
Vulnerable software
Linux kernel
Operating systems & Components / Operating system

Vendor

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU70484

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47943

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read in the ksmbd SMB2_WRITE handler. A DataOffset of zero in the request is treated as "the data starts immediately after the fixed request fields", but on that path the client-supplied Length was not checked against the size of the message actually received, so a request carrying a large Length makes the kernel read past the end of the request buffer. A remote authenticated user can send a specially crafted SMB2_WRITE request to the ksmbd daemon, trigger the out-of-bounds read and perform a denial of service (DoS) attack.
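The check this bug class needs, shown as an added, stand-alone C example rather than ksmbd's own code: a minimal parser of the MS-SMB2 WRITE request layout (64-byte header, 48 fixed request bytes, then Buffer) that locates the payload from DataOffset and Length. With `hardened` false it mirrors the vulnerable pattern, trusting any Length when DataOffset is zero; with it true the offset and length are validated against the received message on both paths. The request builder, the command/structure constants it fills in and the payload bytes are constructed here for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SMB2_HDR_SIZE    64u   /* fixed SMB2 header (MS-SMB2 2.2.1) */
#define SMB2_WRITE_FIXED 48u   /* WRITE request fields before Buffer (2.2.21) */
#define SMB2_WRITE_BUF   (SMB2_HDR_SIZE + SMB2_WRITE_FIXED)

static uint16_t get_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Locate the write payload inside a received SMB2 message of msg_len bytes.
 * Returns 0 and sets *payload_off/*payload_len, or -1 to reject the request.
 * hardened == false reproduces the vulnerable pattern: when DataOffset is 0
 * the payload is taken to start at Buffer and Length is trusted as-is.
 */
int smb2_write_locate_payload(const uint8_t *msg, size_t msg_len, bool hardened,
                              size_t *payload_off, size_t *payload_len)
{
    if (msg_len < SMB2_WRITE_BUF)
        return -1;

    const uint8_t *req = msg + SMB2_HDR_SIZE;
    uint16_t data_offset = get_le16(req + 2);   /* DataOffset field */
    uint32_t length = get_le32(req + 4);        /* Length field */
    size_t off;

    if (data_offset == 0) {
        off = SMB2_WRITE_BUF;                   /* "data starts at Buffer" */
        if (!hardened) {
            /* Vulnerable: Length is never compared with msg_len on this path,
             * so a later read of `length` bytes runs past the message. */
            *payload_off = off;
            *payload_len = length;
            return 0;
        }
    } else {
        off = data_offset;
    }

    /* Corrected: offset past the fixed fields and within the message, and
     * length within what remains. off <= msg_len here, so no wrap. */
    if (off < SMB2_WRITE_BUF || off > msg_len || length > msg_len - off)
        return -1;

    *payload_off = off;
    *payload_len = length;
    return 0;
}

/* Build a constructed WRITE request with chosen DataOffset/Length field values. */
size_t build_write_request(uint8_t *out, size_t cap, uint16_t data_offset,
                           uint32_t length, const uint8_t *data, size_t data_len)
{
    size_t total = SMB2_WRITE_BUF + data_len;
    if (cap < total)
        return 0;
    memset(out, 0, total);
    out[0] = 0xFE; out[1] = 'S'; out[2] = 'M'; out[3] = 'B';   /* ProtocolId */
    out[4] = 64;                                              /* header StructureSize */
    out[12] = 0x09;                                           /* Command: WRITE */
    uint8_t *req = out + SMB2_HDR_SIZE;
    req[0] = 49;                                              /* request StructureSize */
    req[2] = (uint8_t)data_offset;      req[3] = (uint8_t)(data_offset >> 8);
    req[4] = (uint8_t)length;           req[5] = (uint8_t)(length >> 8);
    req[6] = (uint8_t)(length >> 16);   req[7] = (uint8_t)(length >> 24);
    memcpy(req + SMB2_WRITE_FIXED, data, data_len);
    return total;
}

/* 1 if a request carrying 8 payload bytes but the given header fields is accepted. */
int write_request_accepted(bool hardened, uint16_t data_offset, uint32_t length)
{
    static const uint8_t payload[8] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H' };
    uint8_t msg[256];
    size_t off, len;
    size_t n = build_write_request(msg, sizeof msg, data_offset, length,
                                   payload, sizeof payload);
    return n != 0 && smb2_write_locate_payload(msg, n, hardened, &off, &len) == 0;
}
```

A request whose header says DataOffset 0 and Length 65536 while only 8 bytes follow is accepted by the unhardened path and rejected by the hardened one; with a non-zero DataOffset both variants already reject a Length that overruns the message, which is why the zero-offset case was the only gap.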

Mitigation

Install updates from the vendor's website. The fix is in Linux 5.19.2 (commit ac60778b87e4, linked below) and in the stable branches that carry it; ksmbd only exists since Linux 5.15, so older kernels do not contain the affected code. Until the kernel is updated, the attack surface can be removed by stopping ksmbd.mountd and unloading the ksmbd module, or by restricting TCP port 445 to trusted hosts.

Vulnerable software versions

Linux kernel: before 5.19.2

External links

http://github.com/torvalds/linux/commit/ac60778b87e45576d7bfdbd6f53df902654e6f09
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac60778b87e45576d7bfdbd6f53df902654e6f09
http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2
http://www.openwall.com/lists/oss-security/2022/12/23/10


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU70483

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47938

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition caused by insufficient validation of user-supplied data when parsing SMB2_TREE_CONNECT requests in fs/ksmbd/smb2misc.c. A remote authenticated user can send a specially crafted request to the ksmbd daemon, trigger an out-of-bounds read and perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Linux kernel: before 5.19.2

External links

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=824d4f64c20093275f72fc8101394d75ff6a249e
http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2
http://github.com/torvalds/linux/commit/824d4f64c20093275f72fc8101394d75ff6a249e
http://www.openwall.com/lists/oss-security/2022/12/23/10
http://www.zerodayinitiative.com/advisories/ZDI-22-1689/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Heap-based buffer overflow

EUVDB-ID: #VU70482

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47942

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in set_ntacl_dacl(). A malformed security descriptor submitted in an SMB2_SET_INFO_HE request is accepted and stored; when a later SMB2_QUERY_INFO_HE request reads it back, the sizes inside the stored data are used without sufficient validation and a heap buffer is overflowed. A remote authenticated user can send specially crafted requests to the ksmbd daemon, trigger a heap-based buffer overflow in the kernel and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system, since ksmbd runs in kernel context.
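The trust-boundary point in this bug, as an added C example that is not ksmbd's code: a security descriptor a client stored through SET_INFO is still client-controlled when QUERY_INFO reads it back, so every size inside the stored blob has to be checked against both the blob and the buffer allocated from the blob's own header before anything is copied. The ACL layout below (u32 size, u32 ACE count, then length-prefixed ACEs) is a simplified constructed one, not the NT security descriptor encoding, and the sample blobs are built inline for the demonstration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define ACL_HDR 8u   /* constructed header: u32 acl_size, u32 num_aces */

struct rd { const uint8_t *p; size_t len, pos; };

static int rd_u16(struct rd *r, uint16_t *v)
{
    if (r->len - r->pos < 2) return -1;
    *v = (uint16_t)(r->p[r->pos] | (r->p[r->pos + 1] << 8));
    r->pos += 2;
    return 0;
}

static int rd_u32(struct rd *r, uint32_t *v)
{
    uint16_t lo, hi;
    if (rd_u16(r, &lo) || rd_u16(r, &hi)) return -1;
    *v = (uint32_t)lo | ((uint32_t)hi << 16);
    return 0;
}

/*
 * Rebuild the ACL described by a stored blob into a heap buffer of exactly
 * acl_size bytes. Constructed layout: {u32 acl_size, u32 num_aces}, then
 * num_aces entries of {u16 ace_size, u8 body[ace_size - 2]}.
 * Returns 0 with *out/*out_len set, or -1 with nothing left allocated.
 */
int decode_dacl(const uint8_t *blob, size_t blob_len, uint8_t **out, size_t *out_len)
{
    struct rd r = { blob, blob_len, 0 };
    uint32_t acl_size, num_aces;

    if (rd_u32(&r, &acl_size) || rd_u32(&r, &num_aces)) return -1;
    /* Check 1: the ACL the header describes must fit in what was stored. */
    if (acl_size < ACL_HDR || acl_size > blob_len) return -1;

    uint8_t *acl = malloc(acl_size);
    if (!acl) return -1;
    memcpy(acl, blob, ACL_HDR);
    size_t used = ACL_HDR;

    for (uint32_t i = 0; i < num_aces; i++) {
        size_t ace_start = r.pos;
        uint16_t ace_size;
        if (rd_u16(&r, &ace_size) || ace_size < 2) goto bad;
        /* Check 2: the ACE must fit the allocation (acl_size) and the blob.
         * Drop the first comparison and the memcpy below writes past `acl`:
         * that is the heap overflow class described above. */
        if (ace_size > acl_size - used || ace_size > r.len - ace_start) goto bad;
        memcpy(acl + used, blob + ace_start, ace_size);
        used += ace_size;
        r.pos = ace_start + ace_size;
    }
    *out = acl;
    *out_len = used;
    return 0;
bad:
    free(acl);
    return -1;
}

static void put_u16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Build a constructed blob; acl_size is written as given so a header can lie. */
size_t build_acl_blob(uint8_t *out, size_t cap, uint32_t acl_size,
                      uint32_t num_aces, const uint16_t *ace_sizes)
{
    size_t pos = ACL_HDR;
    for (uint32_t i = 0; i < num_aces; i++) pos += ace_sizes[i];
    if (pos > cap) return 0;
    put_u16(out, (uint16_t)acl_size); put_u16(out + 2, (uint16_t)(acl_size >> 16));
    put_u16(out + 4, (uint16_t)num_aces); put_u16(out + 6, (uint16_t)(num_aces >> 16));
    pos = ACL_HDR;
    for (uint32_t i = 0; i < num_aces; i++) {
        put_u16(out + pos, ace_sizes[i]);
        memset(out + pos + 2, 'A', ace_sizes[i] - 2);   /* filler ACE body */
        pos += ace_sizes[i];
    }
    return pos;
}

/* Decode a blob built from the given fields: 0 if accepted, -1 if rejected. */
int try_decode_acl(uint32_t acl_size, uint32_t num_aces, const uint16_t *ace_sizes)
{
    uint8_t blob[128], *acl = NULL;
    size_t acl_len = 0;
    size_t blob_len = build_acl_blob(blob, sizeof blob, acl_size, num_aces, ace_sizes);
    int rc = blob_len ? decode_dacl(blob, blob_len, &acl, &acl_len) : -1;
    free(acl);
    return rc;
}

/* Three constructed cases (ACE sizes include their own 2-byte length field). */
int demo_acl_wellformed(void)  { const uint16_t s[] = { 12, 12 }; return try_decode_acl(32, 2, s); }
int demo_acl_understated(void) { const uint16_t s[] = { 12, 12 }; return try_decode_acl(16, 2, s); }
int demo_acl_overstated(void)  { const uint16_t s[] = { 12 };     return try_decode_acl(64, 1, s); }
```

The "understated" case is the dangerous one: the header claims a 16-byte ACL, so 16 bytes are allocated, but the ACEs that follow total 24 bytes; without Check 2 the second memcpy lands outside the allocation. The "overstated" case (header larger than the stored blob) is caught by Check 1 before any allocation.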

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Linux kernel: before 5.19.2

External links

http://github.com/torvalds/linux/commit/8f0541186e9ad1b62accc9519cc2b7a7240272a7
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f0541186e9ad1b62accc9519cc2b7a7240272a7
http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2
http://www.openwall.com/lists/oss-security/2022/12/23/10
http://www.zerodayinitiative.com/advisories/ZDI-22-1688/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory leak

EUVDB-ID: #VU70481

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47941

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack on the target system.

The vulnerability exists due to a memory leak in fs/ksmbd/smb2pdu.c: on certain error paths in smb2_handle_negotiate(), memory allocated while processing the request is not released. Because SMB2_NEGOTIATE is the first message on a connection and requires no credentials, a remote non-authenticated attacker can repeatedly send malformed negotiate requests to exhaust kernel memory and perform a denial of service (DoS) attack.
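The error-path discipline behind this fix, as an added C example that is not ksmbd's code: state allocated while handling NEGOTIATE must be released on every failure return, because NEGOTIATE needs no credentials and so a leak there is reachable by any client and repeatable until kernel memory runs out. The request body layout (u16 dialect count followed by u16 dialect values), the `preauth_info` stand-in and the malformed sample are constructed for the demonstration; `fixed` switches between the leaky and the corrected variant.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed stand-ins for the per-connection state set up during NEGOTIATE. */
struct preauth_info { uint8_t hash[64]; };
struct conn { struct preauth_info *preauth; int dialect; };

/* Constructed body: u16 dialect_count followed by dialect_count u16 dialects. */
static int parse_dialects(const uint8_t *body, size_t len, int *dialect)
{
    if (len < 2) return -1;
    size_t count = body[0] | (body[1] << 8);
    if (count == 0 || count * 2 > len - 2) return -1;   /* more dialects claimed than sent */
    int best = -1;
    for (size_t i = 0; i < count; i++) {
        int d = body[2 + 2 * i] | (body[3 + 2 * i] << 8);
        if ((d == 0x0202 || d == 0x0210 || d == 0x0300 || d == 0x0302 || d == 0x0311) && d > best)
            best = d;
    }
    if (best < 0) return -1;                             /* nothing in common */
    *dialect = best;
    return 0;
}

/*
 * Handle one NEGOTIATE. Everything allocated for the exchange has to be
 * released on every failure return; `fixed` selects the variant that does.
 */
int handle_negotiate(struct conn *c, const uint8_t *body, size_t len, int fixed)
{
    c->preauth = calloc(1, sizeof *c->preauth);
    if (!c->preauth) return -1;
    int rc = parse_dialects(body, len, &c->dialect);
    if (rc) goto err;
    return 0;
err:
    if (fixed) {                 /* the release the leaky variant lacks */
        free(c->preauth);
        c->preauth = NULL;
    }
    return rc;
}

/*
 * Push n malformed negotiates through fresh connections and count how many
 * left their state allocated after returning an error. Those blocks are freed
 * here only so that the demonstration itself stays clean.
 */
long orphaned_after(int n, int fixed)
{
    static const uint8_t malformed[] = { 0x10, 0x00, 0x02, 0x02 };  /* claims 16 dialects, carries 1 */
    long orphaned = 0;
    for (int i = 0; i < n; i++) {
        struct conn c = { 0 };
        if (handle_negotiate(&c, malformed, sizeof malformed, fixed) == 0) continue;
        if (c.preauth) {
            orphaned++;
            free(c.preauth);
        }
    }
    return orphaned;
}

/* Well-formed request offering 2.0.2 and 3.1.1: returns the chosen dialect, or -1. */
int demo_good_negotiate(void)
{
    static const uint8_t good[] = { 0x02, 0x00, 0x02, 0x02, 0x11, 0x03 };
    struct conn c = { 0 };
    int rc = handle_negotiate(&c, good, sizeof good, 1);
    free(c.preauth);             /* success path: released when the connection goes away */
    return rc ? -1 : c.dialect;
}
```

With `fixed` set to 0 every rejected request leaves one `preauth_info` behind, which is exactly the shape of an unauthenticated, repeatable resource exhaustion; with it set to 1 nothing outlives the error return. The single `err:` label that frees whatever the function allocated, whichever check failed, is the pattern kernel handlers use to make this hard to get wrong.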

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Linux kernel: before 5.19.2

External links

http://github.com/torvalds/linux/commit/aa7253c2393f6dcd6a1468b0792f6da76edad917
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa7253c2393f6dcd6a1468b0792f6da76edad917
http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2
http://www.openwall.com/lists/oss-security/2022/12/23/10
http://www.zerodayinitiative.com/advisories/ZDI-22-1687/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
