CVE-2022-47939: Use After Free in Kernel

CWE-416 Use After Free | 11 documents | 8 sources
Severity
9.8 CRITICAL (NVD)
EPSS
1.1%
top 21.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 23
Latest update: Feb 18

Description

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (4 packages)

NVD | linux/linux_kernel | 5.15 | 5.15.61 | +2
Debian | linux/linux_kernel | < 5.19.6-1 | +2
debian | debian/linux | < linux 5.19.6-1 (bookworm)

Patches

🔴 Vulnerability Details (2)
OSV
CVE-2022-47939: An issue was discovered in ksmbd in the Linux kernel 5 (2022-12-23)
GHSA
GHSA-c5f7-v4rr-qv23: An issue was discovered in ksmbd in the Linux kernel before 5 (2022-12-23)

📋 Vendor Advisories (3)
Red Hat
kernel: smb2_tree_disconnect() fails to validate object existance prior to performing opertions on it (2022-12-22)
Microsoft
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT. (2022-12-13)
Debian
CVE-2022-47939: linux - An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.... (2022)

🕵️ Threat Intelligence (5)
Wiz
RCE meaning: Remote code execution attacks explained | Wiz (2026-02-18)
Wiz
RCE meaning: Remote code execution attacks explained | Wiz (2026-02-18)
Tenable
CVE-2022-47939: Critical RCE Vulnerability in Linux Kernel (2022-12-29)
Wiz
CVE-2022-47939 critical vulnerability in Linux kernel `ksmbd` module: everything you need to know | Wiz Blog (2022-12-27)
Wiz
CVE-2022-47939 critical vulnerability in Linux kernel `ksmbd` module: everything you need to know | Wiz Blog (2022-12-27)