Attacker Value: Unknown
Exploitability: Unknown
User Interaction: None
Privileges Required: Low
Attack Vector: Local

CVE-2022-27239

Disclosure Date: April 27, 2022

Description

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

CVSS V3 Severity and Metrics
Base Score: 7.8 High
Impact Score: 5.9
Exploitability Score: 1.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

General Information

Vendors

  • debian
  • fedoraproject
  • hp
  • samba
  • suse

Products

  • caas platform 4.0
  • cifs-utils
  • debian linux 10.0
  • debian linux 11.0
  • debian linux 9.0
  • enterprise storage 6.0
  • enterprise storage 7.0
  • fedora 34
  • fedora 35
  • fedora 36
  • helion openstack 8.0
  • linux enterprise desktop 15
  • linux enterprise high performance computing 12.0
  • linux enterprise high performance computing 15.0
  • linux enterprise micro 5.2
  • linux enterprise point of service 11.0
  • linux enterprise real time 15.0
  • linux enterprise server 11
  • linux enterprise server 12
  • linux enterprise server 15
  • linux enterprise software development kit 12
  • linux enterprise storage 7.1
  • manager proxy 4.1
  • manager proxy 4.2
  • manager proxy 4.3
  • manager retail branch server 4.1
  • manager retail branch server 4.2
  • manager retail branch server 4.3
  • manager server 4.1
  • manager server 4.2
  • manager server 4.3
  • openstack cloud 8.0
  • openstack cloud 9.0
  • openstack cloud crowbar 8.0
  • openstack cloud crowbar 9.0

Technical Analysis