CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
81.4%
Issue Overview:
A stack-based buffer overflow issue was found in pifs-utils. Parsing the mount.cifs ip command-line argument can lead to local attackers gaining root privileges. (CVE-2022-27239)
A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may lead to information disclosure in particular conditions when the credentials file given is sensitive and contains = signs. (CVE-2022-29869)
Affected Packages:
cifs-utils
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update cifs-utils to update your system.
New Packages:
aarch64:
cifs-utils-6.2-10.amzn2.0.4.aarch64
cifs-utils-devel-6.2-10.amzn2.0.4.aarch64
cifs-utils-debuginfo-6.2-10.amzn2.0.4.aarch64
i686:
cifs-utils-6.2-10.amzn2.0.4.i686
cifs-utils-devel-6.2-10.amzn2.0.4.i686
cifs-utils-debuginfo-6.2-10.amzn2.0.4.i686
src:
cifs-utils-6.2-10.amzn2.0.4.src
x86_64:
cifs-utils-6.2-10.amzn2.0.4.x86_64
cifs-utils-devel-6.2-10.amzn2.0.4.x86_64
cifs-utils-debuginfo-6.2-10.amzn2.0.4.x86_64
Red Hat: CVE-2022-27239, CVE-2022-29869
Mitre: CVE-2022-27239, CVE-2022-29869
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 2 | aarch64 | cifs-utils | < 6.2-10.amzn2.0.4 | cifs-utils-6.2-10.amzn2.0.4.aarch64.rpm |
Amazon Linux | 2 | aarch64 | cifs-utils-devel | < 6.2-10.amzn2.0.4 | cifs-utils-devel-6.2-10.amzn2.0.4.aarch64.rpm |
Amazon Linux | 2 | aarch64 | cifs-utils-debuginfo | < 6.2-10.amzn2.0.4 | cifs-utils-debuginfo-6.2-10.amzn2.0.4.aarch64.rpm |
Amazon Linux | 2 | i686 | cifs-utils | < 6.2-10.amzn2.0.4 | cifs-utils-6.2-10.amzn2.0.4.i686.rpm |
Amazon Linux | 2 | i686 | cifs-utils-devel | < 6.2-10.amzn2.0.4 | cifs-utils-devel-6.2-10.amzn2.0.4.i686.rpm |
Amazon Linux | 2 | i686 | cifs-utils-debuginfo | < 6.2-10.amzn2.0.4 | cifs-utils-debuginfo-6.2-10.amzn2.0.4.i686.rpm |
Amazon Linux | 2 | x86_64 | cifs-utils | < 6.2-10.amzn2.0.4 | cifs-utils-6.2-10.amzn2.0.4.x86_64.rpm |
Amazon Linux | 2 | x86_64 | cifs-utils-devel | < 6.2-10.amzn2.0.4 | cifs-utils-devel-6.2-10.amzn2.0.4.x86_64.rpm |
Amazon Linux | 2 | x86_64 | cifs-utils-debuginfo | < 6.2-10.amzn2.0.4 | cifs-utils-debuginfo-6.2-10.amzn2.0.4.x86_64.rpm |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
81.4%