Lucene search

K

[email protected]CVE-2022-47939

HistoryDec 23, 2022 - 4:15 p.m.

CVE-2022-47939

2022-12-2316:15:12

CWE-416

[email protected]

web.nvd.nist.gov

61

ksmbd

linux kernel

cve-2022-47939

use-after-free

oops

smb2_tree_disconnect

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.5%

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT.

Affected configurations

NVD

Node

linuxlinux_kernelRange5.15–5.15.61

OR

linuxlinux_kernelRange5.16–5.18.18

OR

linuxlinux_kernelRange5.19–5.19.2

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt5.15.61
linux:linux_kernellinux linux kernellt5.18.18
linux:linux_kernellinux linux kernellt5.19.2

References

www.openwall.com/lists/oss-security/2022/12/23/10

cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf6531d98190fa2cf92a6d8bbc8af0a4740a223c

github.com/torvalds/linux/commit/cf6531d98190fa2cf92a6d8bbc8af0a4740a223c

www.secpod.com/blog/zero-day-server-message-block-smb-server-in-linux-kernel-5-15-has-a-critical-vulnerability-patch-ksmbd-immediately/

www.zerodayinitiative.com/advisories/ZDI-22-1690/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.5%

Related for CVE-2022-47939

prion1 debiancve1 wizblog1 nvd1 cbl_mariner1 zdi1 nessus2 redhatcve1 cvelist1 ubuntucve1 rosalinux1