CVE-2022-47942: 
CBL Mariner vulnerability analysis and mitigation

A heap-based buffer overflow vulnerability was discovered in ksmbd in the Linux kernel versions 5.15 through 5.19 before 5.19.2. The vulnerability (CVE-2022-47942) exists in the setntacldacl function and is related to the use of SMB2QUERYINFOHE command after a malformed SMB2SETINFOHE command (NVD, ZDI Advisory).

The vulnerability occurs when processing security descriptors in the ksmbd module. When a malformed file attribute is set under the label 'security.NTACL' using SMB2SETINFOHE command, a subsequent SMB2QUERYINFOHE command can trigger a heap-based buffer overflow. The issue stems from insufficient buffer validation for security descriptors stored by malformed SMB2SETINFO_HE commands. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability allows authenticated remote attackers to execute arbitrary code in the context of the kernel. This could potentially lead to complete system compromise with kernel-level privileges (ZDI Advisory).

The vulnerability has been fixed in Linux kernel version 5.19.2 and backported to affected stable kernel versions. The fix includes adding proper buffer validation for security descriptors and allocating appropriate response buffer sizes for SMB2OINFO_SECURITY file info class (Kernel Commit).