CVE-2022-0168

Summary

A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.

Affected Software

VendorProductVersion RangeStatus
n/akernelAffects v5.4–5.12, v5.13-rc+HEADaffected

Weaknesses

  • CWE-476: CWE-476 - NULL Pointer Dereference

ADP Enrichment

CVE Program Container

Additional References

References