CVE-2022-27239

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

Published: Apr 27, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-27239
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
samba / cifs-utils	-	6.15
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x
debian / debian_linux	11.0	11.0.x
suse / linux_enterprise_server	11-sp4	11-sp4.x
suse / openstack_cloud	8.0	8.0.x
suse / linux_enterprise_server	15	15.x
suse / linux_enterprise_software_development_kit	12-sp5	12-sp5.x
suse / openstack_cloud_crowbar	8.0	8.0.x
suse / openstack_cloud_crowbar	9.0	9.0.x
suse / openstack_cloud	9.0	9.0.x
suse / linux_enterprise_server	12-sp3	12-sp3.x
suse / linux_enterprise_server	11-sp3	11-sp3.x
suse / manager_server	4.1	4.1.x
suse / linux_enterprise_server	12-sp5	12-sp5.x
suse / linux_enterprise_desktop	15-sp3	15-sp3.x
suse / linux_enterprise_server	15-sp3	15-sp3.x
suse / linux_enterprise_server	15-sp4	15-sp4.x
suse / linux_enterprise_desktop	15-sp4	15-sp4.x
suse / enterprise_storage	7.0	7.0.x
suse / caas_platform	4.0	4.0.x
suse / enterprise_storage	6.0	6.0.x
suse / manager_proxy	4.1	4.1.x
suse / linux_enterprise_server	15-sp1	15-sp1.x
suse / linux_enterprise_server	15-sp2	15-sp2.x
suse / linux_enterprise_high_performance_computing	12.0-sp5	12.0-sp5.x
suse / linux_enterprise_high_performance_computing	15.0	15.0.x
suse / linux_enterprise_high_performance_computing	15.0-sp1	15.0-sp1.x
suse / linux_enterprise_high_performance_computing	15.0-sp2	15.0-sp2.x
suse / linux_enterprise_high_performance_computing	15.0-sp3	15.0-sp3.x
suse / linux_enterprise_high_performance_computing	15.0-sp4	15.0-sp4.x
suse / linux_enterprise_server	12-sp4	12-sp4.x
suse / linux_enterprise_real_time	15.0-sp2	15.0-sp2.x
suse / linux_enterprise_point_of_service	11.0-sp3	11.0-sp3.x
suse / linux_enterprise_micro	5.2	5.2.x
suse / linux_enterprise_server	12-sp2	12-sp2.x
suse / manager_retail_branch_server	4.2	4.2.x
suse / manager_retail_branch_server	4.1	4.1.x
suse / manager_retail_branch_server	4.3	4.3.x
suse / manager_server	4.2	4.2.x
suse / manager_server	4.3	4.3.x
suse / manager_proxy	4.2	4.2.x
suse / manager_proxy	4.3	4.3.x
suse / linux_enterprise_storage	7.1	7.1.x
hp / helion_openstack	8.0	8.0.x
fedoraproject / fedora	34	34.x
fedoraproject / fedora	35	35.x
fedoraproject / fedora	36	36.x

Vulnerability Database

CVE-2022-27239

Deep Security Visibility Without the Complexity