SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2022-27239

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 7.8		CVSS Score : 7.2
Exploit Score: 1.8		Exploit Score: 3.9
Impact Score: 5.9		Impact Score: 10.0

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: LOCAL		Access Vector: LOCAL
Attack Complexity: LOW		Access Complexity: LOW
Privileges Required: LOW		Authentication: NONE
User Interaction: NONE		Confidentiality: COMPLETE
Scope: UNCHANGED		Integrity: COMPLETE
Confidentiality: HIGH		Availability: COMPLETE
Integrity: HIGH
Availability: HIGH

Reference:

DSA-5157

FEDORA-2022-34de4f833d

FEDORA-2022-7fda04ab5a

FEDORA-2022-eb2d3ca94d

GLSA-202311-05

https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html

http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba

https://bugzilla.samba.org/show_bug.cgi?id=15025

https://bugzilla.suse.com/show_bug.cgi?id=1197216

https://github.com/piastry/cifs-utils/pull/7

https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765


30479



423868



250770



909



196157



282