Lucene search

[email protected]NVD:CVE-2022-27239

HistoryApr 27, 2022 - 2:15 p.m.

CVE-2022-27239

2022-04-2714:15:09

CWE-787

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

40.3%

JSON

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

Affected configurations

NVD

Node

sambacifs-utilsRange<6.15

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

Node

susecaas_platformMatch4.0

suseenterprise_storageMatch6.0

suseenterprise_storageMatch7.0

suselinux_enterprise_point_of_serviceMatch11.0sp3

suselinux_enterprise_storageMatch7.1

susemanager_proxyMatch4.1

susemanager_proxyMatch4.2

susemanager_proxyMatch4.3

susemanager_retail_branch_serverMatch4.1

susemanager_retail_branch_serverMatch4.2

susemanager_retail_branch_serverMatch4.3

susemanager_serverMatch4.1

susemanager_serverMatch4.2

susemanager_serverMatch4.3

suseopenstack_cloudMatch8.0

suseopenstack_cloudMatch9.0

suseopenstack_cloud_crowbarMatch8.0

suseopenstack_cloud_crowbarMatch9.0

suselinux_enterprise_desktopMatch15sp3

suselinux_enterprise_desktopMatch15sp4

suselinux_enterprise_high_performance_computingMatch12.0sp5-

suselinux_enterprise_high_performance_computingMatch15.0-ltss

suselinux_enterprise_high_performance_computingMatch15.0sp1espos

suselinux_enterprise_high_performance_computingMatch15.0sp1ltss

suselinux_enterprise_high_performance_computingMatch15.0sp2espos

suselinux_enterprise_high_performance_computingMatch15.0sp2ltss

suselinux_enterprise_high_performance_computingMatch15.0sp3-

suselinux_enterprise_high_performance_computingMatch15.0sp4-

suselinux_enterprise_microMatch5.2-

suselinux_enterprise_microMatch5.2rancher

suselinux_enterprise_real_timeMatch15.0sp2

suselinux_enterprise_serverMatch11sp3-

suselinux_enterprise_serverMatch11sp4ltss

suselinux_enterprise_serverMatch12sp2business_critical_linux-

suselinux_enterprise_serverMatch12sp3sap

suselinux_enterprise_serverMatch12sp3business_critical_linux-

suselinux_enterprise_serverMatch12sp3espos

suselinux_enterprise_serverMatch12sp3ltss

suselinux_enterprise_serverMatch12sp4-sap

suselinux_enterprise_serverMatch12sp4espos

suselinux_enterprise_serverMatch12sp4ltss

suselinux_enterprise_serverMatch12sp5sap

suselinux_enterprise_serverMatch15sap

suselinux_enterprise_serverMatch15-espos

suselinux_enterprise_serverMatch15-ltss

suselinux_enterprise_serverMatch15sp1business_critical_linux-

suselinux_enterprise_serverMatch15sp1ltss

suselinux_enterprise_serverMatch15sp2business_critical_linux-

suselinux_enterprise_serverMatch15sp2ltss

suselinux_enterprise_serverMatch15sp3

suselinux_enterprise_serverMatch15sp4

suselinux_enterprise_software_development_kitMatch12sp5

Node

hphelion_openstackMatch8.0

Node

fedoraprojectfedoraMatch34

fedoraprojectfedoraMatch35

fedoraprojectfedoraMatch36

References

wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba

bugzilla.samba.org/show_bug.cgi?id=15025

bugzilla.suse.com/show_bug.cgi?id=1197216

github.com/piastry/cifs-utils/pull/7

github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765

lists.debian.org/debian-lts-announce/2022/05/msg00020.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/

security.gentoo.org/glsa/202311-05

www.debian.org/security/2022/dsa-5157

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

40.3%

JSON

Related for NVD:CVE-2022-27239

nessus36 osv4 openvas30 cvelist1 alpinelinux1 amazon3 prion1 debiancve1 veracode1 cbl_mariner2 suse2 cve1 ubuntucve1 redhatcve1 fedora3 debian2 mageia1 gentoo1 photon5 ubuntu1