CVE-2022-47939: 
CBL Mariner vulnerability analysis and mitigation

A critical use-after-free vulnerability (CVE-2022-47939) was discovered in the ksmbd module of the Linux kernel versions 5.15 through 5.19 before 5.19.2. The vulnerability exists in fs/ksmbd/smb2pdu.c during the processing of SMB2TREEDISCONNECT commands (ZDI Advisory, NVD). The vulnerability was discovered on July 26, 2022, and publicly disclosed on December 22, 2022 (SecPod Blog).

The vulnerability stems from a failure to validate the existence of an object before performing operations on it in the SMB2TREEDISCONNECT command processing. When smb2treedisconnect() freed the struct ksmbdtreeconnect, it left a dangling pointer that could be accessed again under compound requests. This resulted in a use-after-free condition that could lead to system crashes or potential code execution (Kernel Commit). The vulnerability has been assigned a CVSS score of 9.8 CRITICAL with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD).

Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code in the context of the kernel without requiring authentication. However, only systems with the ksmbd module enabled are vulnerable. The ksmbd module was introduced in Linux 5.15 and is not enabled by default on most operating systems, which limits the potential impact (SecPod Blog).

The vulnerability has been fixed in Linux kernel version 5.15.61 and later versions. Users are advised to update their systems to these patched versions. For systems that cannot be immediately updated, disabling the ksmbd module (if enabled) would prevent exploitation (SecPod Blog).