Vulnerabilities > CVE-2022-47942 - Out-of-bounds Write vulnerability in Linux Kernel
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://github.com/torvalds/linux/commit/8f0541186e9ad1b62accc9519cc2b7a7240272a7
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f0541186e9ad1b62accc9519cc2b7a7240272a7
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2
- http://www.openwall.com/lists/oss-security/2022/12/23/10
- https://www.zerodayinitiative.com/advisories/ZDI-22-1688/