CVE-2022-47943: 
CBL Mariner vulnerability analysis and mitigation

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case. The vulnerability is tracked as CVE-2022-47943 and has been assigned a CVSS v3.1 base score of 8.1 (HIGH) (NVD).

The vulnerability exists within the handling of SMB2WRITE commands. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. When checking the length of the data area of SMB2WRITE in smb2getdataarealen(), the minimum of DataOffset should be the size of SMB2 header plus the size of SMB2WRITE header. Out-of-bounds read memory can be written to a file if DataOffset is 0 and Length is too large in SMB2WRITE request of compound request (Kernel Commit).

Successful exploitation of this vulnerability could lead to disclosure of sensitive information or Denial of Service (DoS). An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel (ZDI Advisory, NetApp Advisory).

Linux has issued an update to correct this vulnerability through a patch that prevents out-of-bounds read for SMB2WRITE. The fix involves proper validation of the DataOffset parameter and ensuring it's not less than the size of the SMB2WRITE header (Kernel Commit).