Vulnerability CVE-2022-27239: Information

Description

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-27239

Published: April 27, 2022

Modified: Nov. 24, 2023

Error type identifier: CWE-787

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
cifs-utils	sisyphus	6.15-alt1	7.0-alt1	ALT-PU-2022-2522-1	306005	Fixed
cifs-utils	sisyphus_e2k	6.15-alt1	7.0-alt1	ALT-PU-2022-5942-1	-	Fixed
cifs-utils	sisyphus_mipsel	6.15-alt1	7.0-alt1	ALT-PU-2022-5889-1	-	Fixed
cifs-utils	sisyphus_riscv64	6.15-alt1	7.0-alt1	ALT-PU-2022-5891-1	-	Fixed
cifs-utils	p10	6.15-alt1	6.15-alt1	ALT-PU-2022-2576-1	306006	Fixed
cifs-utils	p10_e2k	6.15-alt1	6.15-alt1	ALT-PU-2022-6096-1	-	Fixed
cifs-utils	c10f1	6.15-alt1	6.15-alt1	ALT-PU-2022-2576-1	306006	Fixed
cifs-utils	c9f2	6.15-alt1	6.15-alt1	ALT-PU-2022-2563-1	306007	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba	Third Party Advisory
https://bugzilla.samba.org/show_bug.cgi?id=15025	Issue Tracking Permissions Required Vendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1197216	Issue Tracking Patch Third Party Advisory
https://github.com/piastry/cifs-utils/pull/7	Issue Tracking Patch Third Party Advisory
https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765	Patch Third Party Advisory
[debian-lts-announce] 20220516 [SECURITY] [DLA 3009-1] cifs-utils security update	Mailing List Third Party Advisory
DSA-5157	Third Party Advisory
FEDORA-2022-eb2d3ca94d
FEDORA-2022-7fda04ab5a
FEDORA-2022-34de4f833d
GLSA-202311-05

Affected configurations:
1. Configuration 1
  cpe:2.3:a:samba:cifs-utils:*:*:*:*:*:*:*:*
  End excliding
  6.15
  
  Configuration 2
  cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:ltss:*:*:*
  cpe:2.3:a:suse:openstack_cloud:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:sap:*:*
  cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp5:*:*:*:*:*:*
  cpe:2.3:a:suse:openstack_cloud_crowbar:8.0:*:*:*:*:*:*:*
  cpe:2.3:a:suse:openstack_cloud_crowbar:9.0:*:*:*:*:*:*:*
  cpe:2.3:a:suse:openstack_cloud:9.0:*:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:ltss:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:*:sap:*:*
  cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
  cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:sap:*:*
  cpe:2.3:o:suse:linux_enterprise_desktop:15:sp3:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:15:sp3:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:15:sp4:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_desktop:15:sp4:*:*:*:*:*:*
  cpe:2.3:a:suse:enterprise_storage:7.0:*:*:*:*:*:*:*
  cpe:2.3:a:suse:caas_platform:4.0:*:*:*:*:*:*:*
  cpe:2.3:a:suse:enterprise_storage:6.0:*:*:*:*:*:*:*
  cpe:2.3:a:suse:manager_proxy:4.1:*:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:15:-:*:*:espos:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:15:-:*:*:ltss:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:15:sp1:*:*:ltss:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:ltss:*:*:*
  cpe:2.3:o:suse:linux_enterprise_high_performance_computing:12.0:sp5:*:*:-:*:*:*
  cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:-:*:*:ltss:*:*:*
  cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp1:*:*:espos:*:*:*
  cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp1:*:*:ltss:*:*:*
  cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:espos:*:*:*
  cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:ltss:*:*:*
  cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp3:*:*:-:*:*:*
  cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp4:*:*:-:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:espos:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:ltss:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:espos:*:*:*
  cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp2:*:*:*:*:*:*
  cpe:2.3:a:suse:linux_enterprise_point_of_service:11.0:sp3:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_micro:5.2:*:*:*:*:rancher:*:*
  cpe:2.3:o:suse:linux_enterprise_micro:5.2:*:*:*:*:-:*:*
  cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:business_critical_linux:-:*:*
  cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:business_critical_linux:-:*:*
  cpe:2.3:o:suse:linux_enterprise_server:15:sp1:*:*:business_critical_linux:-:*:*
  cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:business_critical_linux:-:*:*
  cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:-:sap:*:*
  cpe:2.3:a:suse:manager_retail_branch_server:4.2:*:*:*:*:*:*:*
  cpe:2.3:a:suse:manager_retail_branch_server:4.1:*:*:*:*:*:*:*
  cpe:2.3:a:suse:manager_retail_branch_server:4.3:*:*:*:*:*:*:*
  cpe:2.3:a:suse:manager_server:4.2:*:*:*:*:*:*:*
  cpe:2.3:a:suse:manager_server:4.3:*:*:*:*:*:*:*
  cpe:2.3:a:suse:manager_proxy:4.2:*:*:*:*:*:*:*
  cpe:2.3:a:suse:manager_proxy:4.3:*:*:*:*:*:*:*
  cpe:2.3:a:suse:linux_enterprise_storage:7.1:*:*:*:*:*:*:*
  
  Configuration 4
  cpe:2.3:a:hp:helion_openstack:8.0:*:*:*:*:*:*:*
  
  Configuration 5
  cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Version: v24.4.2

Vulnerability CVE-2022-27239: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5