CVE-2022-47940: 
CBL Mariner vulnerability analysis and mitigation

CVE-2022-47940 is a vulnerability discovered in the ksmbd component of the Linux kernel versions 5.15 through 5.18 before 5.18.18. The issue specifically relates to a lack of length validation in the non-padding case in smb2_write function within the fs/ksmbd/smb2pdu.c file (CVE).

The vulnerability stems from improper length validation in the SMB2 Write packet handling. The SMB2 Write packet contains data that is to be written to a file or pipe, and depending on the client, there may be padding between the header and the data field. The issue arose because length validation was only performed when padding was present, leaving a security gap in the non-padding case (Linux Commit). The vulnerability has been assigned a CVSS v3.1 base score of 8.1 (HIGH) with vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H (NVD).

An authenticated attacker could exploit this vulnerability to cause a denial of service (system crash), expose sensitive information (kernel memory), or potentially execute arbitrary code (Ubuntu).

The vulnerability has been fixed in Linux kernel version 5.18.18 and backported to affected stable versions. The fix involves validating the length in both padding and non-padding cases by removing the special case handling for padding (Linux Commit). Users should update their Linux kernel to a patched version.