CVE-2022-47938: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability (CVE-2022-47938) was discovered in the ksmbd component of the Linux kernel versions 5.15 through 5.19 before 5.19.2. The vulnerability exists in the fs/ksmbd/smb2misc.c file, specifically related to an out-of-bounds read and OOPS condition when handling SMB2TREECONNECT commands. The issue was discovered in December 2022 and received a CVSS v3.1 base score of 6.5 (Medium) (NVD, ZDI Advisory).

The vulnerability stems from improper validation of user-supplied data in the SMB2TREECONNECT command handling, which can result in a read past the end of an allocated buffer. The issue specifically occurs in the smbstrndupfrom_utf16 function when Status is not 0 and PathLength is long. This can trigger a KASAN (Kernel Address Sanitizer) slab-out-of-bounds error, leading to a system crash (Kernel Commit).

When exploited, this vulnerability can lead to a denial-of-service (DoS) condition on the affected system. The impact is limited to availability, with no direct impact on confidentiality or integrity of the system (ZDI Advisory).

The vulnerability has been fixed in Linux kernel version 5.19.2. The fix involves removing unnecessary error request validation in the server that allowed invalid requests to bypass message validation. Users should upgrade to kernel version 5.19.2 or later, or apply the relevant patch to their current kernel version (Kernel Commit).