CVE-2022-49058

cifs: potential buffer overflow in handling symlinks

Severity Score

7.0

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error: __memcpy() 'dctx->buf' too small (16 vs u32max) It's caused because Smatch marks 'link_len' as untrusted since it comes
from sscanf(). Add a check to ensure that 'link_len' is not larger than
the size of the 'link_str' buffer.

A buffer overflow vulnerability has been identified in the Linux kernel's Common Internet File System (CIFS) module, specifically within the parse_mf_symlink() function. This flaw is caused by insufficient input validation on the link_len value, which dictates the length of a symbolic link. An attacker could exploit this issue by providing an overly large symlink string, leading to a buffer overflow. This can result in memory corruption, system instability, or a denial-of-service condition.

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include buffer overflow, out of bounds read, and use-after-free vulnerabilities.

*Credits: N/A

CVSS Scores

redhat-cnalrv3.1 7.0

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-05-04 CVE Updated
2025-07-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CAPEC

References (11)

URL	Tag	Source
https://git.kernel.org/stable/c/c69c1b6eaea1b3e1eecf7ad2fba0208ac4a11131	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/3e582749e742e662a8e9bb37cffac62dccaaa1e2	2022-04-20
https://git.kernel.org/stable/c/1316c28569a80ab3596eeab05bf5e01991e7e739	2022-04-20
https://git.kernel.org/stable/c/eb5f51756944735ac70cd8bb38637cc202e29c91	2022-04-20
https://git.kernel.org/stable/c/22d658c6c5affed10c8907e67160cef0b6c92186	2022-04-20
https://git.kernel.org/stable/c/4e166a41180be2f1e66bbb6d46448e80a9a5ec05	2022-04-20
https://git.kernel.org/stable/c/9901b07ba42b39266b34a888e48d7306fd707bee	2022-04-20
https://git.kernel.org/stable/c/515e7ba11ef043d6febe69389949c8ef5f25e9d0	2022-04-20
https://git.kernel.org/stable/c/64c4a37ac04eeb43c42d272f6e6c8c12bfcf4304	2022-04-13

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-49058	2025-07-23
https://bugzilla.redhat.com/show_bug.cgi?id=2348254	2025-07-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 4.9.311 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 4.9.311"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 4.14.276 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 4.14.276"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 4.19.239 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 4.19.239"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 5.4.190 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 5.4.190"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 5.10.112 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 5.10.112"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 5.15.35 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 5.15.35"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 5.17.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 5.17.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 5.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 5.18"		en		Affected