2155947 – (CVE-2022-47938, ZDI-22-1689, ZDI-CAN-17818) CVE-2022-47938 kernel: improper input validation in handling of SMB2_TREE_CONNECT command can result in out-of-bounds read which could result in DoS

Bug 2155947 (CVE-2022-47938, ZDI-22-1689, ZDI-CAN-17818) - CVE-2022-47938 kernel: improper input validation in handling of SMB2_TREE_CONNECT command can result in out-of-bounds read which could result in DoS

Summary: CVE-2022-47938 kernel: improper input validation in handling of SMB2_TREE_CON...

Keywords:
Status:	NEW
Alias:	CVE-2022-47938, ZDI-22-1689, ZDI-CAN-17818
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2155953 2155994 2155995 2155996 2155997
Blocks:	2155936
TreeView+	depends on / blocked

Reported:	2022-12-23 02:00 UTC by Michael Kaplan
Modified:	2023-07-07 08:28 UTC (History)
CC List:	37 users (show)
Fixed In Version:	kernel 6.0-rc1
Doc Type:	If docs needed, set a value
Doc Text:	A denial-of-service flaw was found in the Linux Kernel while handling SMB2_TREE_CONNECT commands in CIFS Filesystem. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to create a denial-of-service condition in the system.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Michael Kaplan 2022-12-23 02:00:25 UTC

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is required to exploit this vulnerability.

The specific flaw exists within the handling of SMB2_TREE_CONNECT commands. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

References: 

https://www.zerodayinitiative.com/advisories/ZDI-22-1689/

Comment 1 Michael Kaplan 2022-12-23 02:02:32 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2155953]

Note You need to log in before you can comment on or make changes to this bug.

acaringi
bhu
cchiang
chwhite
crwood
ddepaula
debarbos
dfreiber
dvlasenk
ezulian
hkrzesin
jarod
jburrell
jfaracco
jferlan
jforbes
jlelli
joe.lawrence
jshortt
jstancek
jwyatt
kcarcia
kernel-mgr
lgoncalv
lleshchi
lzampier
nmurray
ptalbert
qzhao
rogbas
rvrbovsk
saroy
scweaver
tyberry
vkumar
walters
williams