Bug 2155944 (CVE-2022-47940, ZDI-22-1691, ZDI-CAN-17817) - CVE-2022-47940 kernel: smb2_write() fails to validate user supplied data which can result in out-of-bounds read
Summary: CVE-2022-47940 kernel: smb2_write() fails to validate user supplied data whic...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2022-47940, ZDI-22-1691, ZDI-CAN-17817
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2155949
Blocks: 2155936
TreeView+ depends on / blocked
 
Reported: 2022-12-23 01:29 UTC by Michael Kaplan
Modified: 2024-10-18 08:29 UTC (History)
42 users (show)

Fixed In Version: kernel 6.0-rc1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-12-24 14:39:43 UTC
Embargoed:


Attachments (Terms of Use)

Description Michael Kaplan 2022-12-23 01:29:03 UTC
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication is required to exploit this vulnerability.

The specific flaw exists within the handling of SMB2_WRITE commands. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel.

References: 

https://www.zerodayinitiative.com/advisories/ZDI-22-1691/

Comment 1 Michael Kaplan 2022-12-23 02:02:17 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2155949]

Comment 4 Sandipan Roy 2022-12-23 05:35:06 UTC
There was no shipped kernel version that was seen affected by this problem. These files are not built in our source code.

Comment 8 Product Security DevOps Team 2022-12-24 14:39:38 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-47940


Note You need to log in before you can comment on or make changes to this bug.