#VU70484 Out-of-bounds read in Linux kernel - CVE-2022-47943

Cybersecurity Help s.r.o.

Published: 2022-12-26

Vulnerability identifier: #VU70484

Vulnerability risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-47943

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to an out-of-bounds read in ksmbd due to a large length in the zero DataOffset case in SMB2_WRITE call. A remote user can send specially crafted request to the ksmbd daemon, trigger an out-of-bounds write error and perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: before 5.19.2, 5.19.2

External links
https://github.com/torvalds/linux/commit/ac60778b87e45576d7bfdbd6f53df902654e6f09
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac60778b87e45576d7bfdbd6f53df902654e6f09
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2
https://www.openwall.com/lists/oss-security/2022/12/23/10

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 22.03 LTS SP1 update for kernel

openEuler 22.03 LTS update for kernel

Multiple vulnerabilities in Linux kernel ksmbd