CVE-2022-0168: 
Linux Kernel vulnerability analysis and mitigation

A denial of service (DOS) vulnerability (CVE-2022-0168) was discovered in the Linux kernel's smb2ioctlquery_info function within the Common Internet File System (CIFS) implementation. The vulnerability was found in the fs/cifs/smb2ops.c file and was disclosed in January 2022. The issue affects Linux kernel versions up to (excluding) 5.18 and various Linux distributions including Red Hat Enterprise Linux 8.0 and 9.0 (NVD, CVE).

The vulnerability stems from an incorrect validation of the return value from the memdupuser function in the smb2ioctlqueryinfo function. When qi.outputbufferlength is set to zero, the memdupuser function returns 0x10, which is not a valid pointer but can pass the validation check. This invalid buffer is then passed to the SMB2setinfoinit function when qi.flags equals PASSTHRUSETINFO, leading to a NULL pointer dereference (Redhat Bugzilla). The vulnerability has been assigned a CVSS v3.1 base score of 4.4 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability allows a local privileged attacker (with CAPSYSADMIN capabilities) to cause a denial of service condition by crashing the system. The impact is limited to system availability, with no direct impact on confidentiality or integrity (NVD).

The vulnerability has been fixed in the Linux kernel through commit d6f5e358452479fa8a773b5c6ccc9e4ec5a20880, which adds proper validation of the outputbufferlength parameter. The fix has been backported to various Linux distributions. For Red Hat Enterprise Linux, fixes are available through security updates RHSA-2022:7444, RHSA-2022:7683, RHSA-2022:7933, and RHSA-2022:8267 (Kernel Commit, Redhat Bugzilla).