SB20250226636 - Buffer overflow in Linux kernel cifs
Published: February 26, 2025 Updated: May 11, 2025
Security Bulletin ID
SB20250226636
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2022-49058)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the parse_mf_symlink() function in fs/cifs/link.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1316c28569a80ab3596eeab05bf5e01991e7e739
- https://git.kernel.org/stable/c/22d658c6c5affed10c8907e67160cef0b6c92186
- https://git.kernel.org/stable/c/3e582749e742e662a8e9bb37cffac62dccaaa1e2
- https://git.kernel.org/stable/c/4e166a41180be2f1e66bbb6d46448e80a9a5ec05
- https://git.kernel.org/stable/c/515e7ba11ef043d6febe69389949c8ef5f25e9d0
- https://git.kernel.org/stable/c/64c4a37ac04eeb43c42d272f6e6c8c12bfcf4304
- https://git.kernel.org/stable/c/9901b07ba42b39266b34a888e48d7306fd707bee
- https://git.kernel.org/stable/c/eb5f51756944735ac70cd8bb38637cc202e29c91
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.239