CVE-2022-27239
Severity: HIGH
cifs-utils < 6.15 - Stack-based Buffer Overflow via mount.cifs ip Argument
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
References (11)
Mailing List, Third Party Advisory (vendor-advisory): https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/
Mailing List, Third Party Advisory (vendor-advisory): https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/
Mailing List, Third Party Advisory (vendor-advisory): https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/
Mailing List, Third Party Advisory (mailing-list): https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html
Third Party Advisory (vendor-advisory): https://www.debian.org/security/2022/dsa-5157
Third Party Advisory (vendor-advisory): https://security.gentoo.org/glsa/202311-05
Third Party Advisory: http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba
Issue Tracking, Permissions Required, Vendor Advisory: https://bugzilla.samba.org/show_bug.cgi?id=15025
Issue Tracking, Patch, Third Party Advisory: https://bugzilla.suse.com/show_bug.cgi?id=1197216
Issue Tracking, Patch, Third Party Advisory: https://github.com/piastry/cifs-utils/pull/7
Patch, Third Party Advisory: https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765
Scores
CVSS v3: 7.8
EPSS: 0.0005
EPSS Percentile: 16.6%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-787
Status: published
Products (25)
debian/debian_linux 9.0
debian/debian_linux 10.0
debian/debian_linux 11.0
fedoraproject/fedora 34
fedoraproject/fedora 35
fedoraproject/fedora 36
hp/helion_openstack 8.0
samba/cifs-utils < 6.15
suse/caas_platform 4.0
suse/enterprise_storage 6.0
... and 15 more
Published: Apr 27, 2022
Tracked Since: Feb 18, 2026