Lucene search
Arnaud Gatignol, Quentin Minster, Florent Saudel, Guillaume Teissier (@thalium_team)ZDI-22-1688HistoryDec 22, 2022 - 12:00 a.m.
Linux Kernel ksmbd Heap-based Buffer Overflow Remote Code Execution Vulnerability
2022-12-2200:00:00
Arnaud Gatignol, Quentin Minster, Florent Saudel, Guillaume Teissier (@thalium_team)
www.zerodayinitiative.com
56
linux kernel
ksmbd
heap-based buffer overflow
remote code execution
authentication
file attributes
validation
user-supplied data
kernel.
0.006 Low
EPSS
Percentile
77.9%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of file attributes. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the kernel.
References
Related
nessus
nessus
CBL Mariner 2.0 Security Update: kernel (CVE-2022-47942)
2023-03-20 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel kmsbd multiple vulnerabilities
2023-01-11 00:00:00
redhatcve
redhatcve
CVE-2022-47942
2022-12-23 17:35:31
cbl_mariner
cbl_mariner
CVE-2022-47942 affecting package kernel for versions less than 5.15.86.1-1
2023-01-17 16:47:16
cve
cve
CVE-2022-47942
2022-12-23 16:15:12
cvelist
cvelist
CVE-2022-47942
2022-12-23 00:00:00
nvd
nvd
CVE-2022-47942
2022-12-23 16:15:12
prion
prion
Heap overflow
2022-12-23 16:15:00
debiancve
debiancve
CVE-2022-47942
2022-12-23 16:15:12
ubuntucve
ubuntucve
CVE-2022-47942
2022-12-23 00:00:00