CVE-2022-0168 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2022-0168

CVE-2022-0168

August 26, 2022

A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.

Related Resources (9)

https://access.redhat.com/errata/RHSA-2022:8267

https://people.canonical.com/~ubuntu-security/cve/CVE-2022-0168

https://access.redhat.com/errata/RHSA-2022:7683

https://bugzilla.redhat.com/show_bug.cgi?id=2037386

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d6f5e358452479fa8a773b5c6ccc9e4ec5a20880

https://access.redhat.com/errata/RHSA-2022:7933

https://security-tracker.debian.org/tracker/CVE-2022-0168

https://access.redhat.com/errata/RHSA-2022:7444

https://access.redhat.com/security/cve/CVE-2022-0168

Do you need more information?

CVSS v4

Base Score:

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

HIGH

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Weakness Type (CWE)

NULL Pointer Dereference

CWE-476

EPSS

Base Score:

0.02

Products

Solutions

Resources

Company

Compare

Developer Tools