[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249966

 
 

909

 
 

195636

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2022-47940Date: (C)2022-12-24   (M)2024-04-26


An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 8.1CVSS Score :
Exploit Score: 2.8Exploit Score:
Impact Score: 5.2Impact Score:
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector:
Attack Complexity: LOWAccess Complexity:
Privileges Required: LOWAuthentication:
User Interaction: NONEConfidentiality:
Scope: UNCHANGEDIntegrity:
Confidentiality: HIGHAvailability:
Integrity: NONE 
Availability: HIGH 
  
Reference:
http://www.openwall.com/lists/oss-security/2022/12/23/10
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.18
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=158a66b245739e15858de42c0ba60fcf3de9b8e6
https://github.com/torvalds/linux/commit/158a66b245739e15858de42c0ba60fcf3de9b8e6

CPE    1
cpe:/o:linux:linux_kernel
CWE    1
CWE-125
OVAL    8
oval:org.secpod.oval:def:707941
oval:org.secpod.oval:def:707962
oval:org.secpod.oval:def:89464
oval:org.secpod.oval:def:94916
...

© SecPod Technologies