CVE-2022-27239
high-risk
Published 2022-04-27
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
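The bug class the description names, as an added illustration written for this page rather than code taken from cifs-utils or its fix: a fixed-size stack buffer receives the ip= value behind a length check that can never fail, because strnlen() is already capped at the buffer size before it is compared with "<=". The buffer size ADDR_BUF_LEN, the struct and the function names are assumptions for the example; the real constant and code path in mount.cifs differ. The block shows the buggy check beside the corrected one and a handler that rejects oversized input before any copy, which is the property a reviewer should look for.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Assumed buffer size for the example; not the cifs-utils constant. */
#define ADDR_BUF_LEN 64

/* Minimal stand-in for the parser's state: a fixed-size, stack-resident
 * destination for the ip= value. */
struct parsed_mount_info {
    char addrlist[ADDR_BUF_LEN];
};

/* Buggy check (constructed): strnlen() never returns more than ADDR_BUF_LEN,
 * so "<= ADDR_BUF_LEN" is always true and an overlong value passes. A
 * following strcpy() into addrlist would then write past the buffer. */
static bool ip_len_ok_buggy(const char *value)
{
    return strnlen(value, ADDR_BUF_LEN) <= ADDR_BUF_LEN;
}

/* Corrected check: the value must fit together with its terminating NUL. */
static bool ip_len_ok_fixed(const char *value)
{
    return strnlen(value, ADDR_BUF_LEN) < ADDR_BUF_LEN;
}

/* Hardened option handler: validate first, then copy with an explicit bound.
 * Returns 0 on success, -1 when the value is missing or too long. */
static int set_ip_option(struct parsed_mount_info *info, const char *value)
{
    if (!value || !*value) {
        fprintf(stderr, "target ip address argument missing\n");
        return -1;
    }
    if (!ip_len_ok_fixed(value)) {
        fprintf(stderr, "ip address too long (max %d chars)\n", ADDR_BUF_LEN - 1);
        return -1;
    }
    /* snprintf() keeps the bound visible even if the check above changes. */
    snprintf(info->addrlist, sizeof info->addrlist, "%s", value);
    return 0;
}

/* Dispatch a single "key=value" mount option; 1 means "not ip=". */
static int handle_mount_option(struct parsed_mount_info *info, const char *opt)
{
    if (strncmp(opt, "ip=", 3) != 0)
        return 1;
    return set_ip_option(info, opt + 3);
}

/* Constructed attacker-style argument: ip= followed by ADDR_BUF_LEN + 40 'A's.
 * The buggy check accepts it (overflow precondition); the fixed check and the
 * handler reject it and the destination stays untouched. */
static int check_long_value(void)
{
    char arg[3 + ADDR_BUF_LEN + 40 + 1];
    struct parsed_mount_info info = {{0}};
    memset(arg, 0, sizeof arg);
    memcpy(arg, "ip=", 3);
    memset(arg + 3, 'A', ADDR_BUF_LEN + 40);
    int buggy_accepts = ip_len_ok_buggy(arg + 3);
    int fixed_rejects = !ip_len_ok_fixed(arg + 3);
    int rc = handle_mount_option(&info, arg);
    return buggy_accepts && fixed_rejects && rc == -1 && info.addrlist[0] == '\0';
}

/* The exact boundary: a value of ADDR_BUF_LEN chars has no room for its NUL.
 * The buggy check accepts it, the fixed check rejects it (the off-by-one). */
static int check_boundary_value(void)
{
    char v[ADDR_BUF_LEN + 1];
    memset(v, '1', ADDR_BUF_LEN);
    v[ADDR_BUF_LEN] = '\0';
    return ip_len_ok_buggy(v) && !ip_len_ok_fixed(v);
}

/* A normal address (constructed, documentation range) is copied intact. */
static int check_normal_value(void)
{
    struct parsed_mount_info info = {{0}};
    int rc = handle_mount_option(&info, "ip=192.0.2.10");
    return rc == 0 && strcmp(info.addrlist, "192.0.2.10") == 0;
}

int main(void)
{
    printf("oversized ip= rejected by fixed path: %s\n", check_long_value() ? "yes" : "no");
    printf("boundary case exposes off-by-one:     %s\n", check_boundary_value() ? "yes" : "no");
    printf("normal ip= accepted:                  %s\n", check_normal_value() ? "yes" : "no");
    return 0;
}
```

The privilege escalation in the description follows from where this parser runs: mount.cifs is commonly installed setuid root so unprivileged users can mount shares, which turns an overflow in command-line option parsing into a local root issue. On a host you cannot patch immediately, removing the setuid bit from mount.cifs (at the cost of non-root mounts) closes that path.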
Do I need to act?
EPSS: 0.07% chance of exploitation (low exploit probability)
CISA KEV: not listed; no confirmed active exploitation reported to CISA
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS: 7.8/10 (High); attack vector LOCAL, LOW attack complexity
Affected Products (20)
Cifs-Utils
Caas Platform
Linux Enterprise Point Of Service
Linux Enterprise Storage
Manager Retail Branch Server
Manager Retail Branch Server
Manager Retail Branch Server
Affected Vendors
References (22)
Third Party Advisory
http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba
Issue Tracking
https://bugzilla.samba.org/show_bug.cgi?id=15025
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1197216
Issue Tracking
https://github.com/piastry/cifs-utils/pull/7
Third Party Advisory
https://www.debian.org/security/2022/dsa-5157
and 2 more references
Risk score: 51 / 100 (high-risk)
Severity: 24/34 · High
Exploitability: 0/34 · Minimal
Exposure: 27/34 · High