CVE-2022-49058: cifs: potential buffer overflow in handling symlinks
First published: Wed Feb 26 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error: __memcpy() 'dctx->buf' too small (16 vs u32max) It's caused because Smatch marks 'link_len' as untrusted since it comes from sscanf(). Add a check to ensure that 'link_len' is not larger than the size of the 'link_str' buffer.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| Linux Kernel | >=2.6.37<4.9.311 | |
| Linux Kernel | >=4.10<4.14.276 | |
| Linux Kernel | >=4.15<4.19.239 | |
| Linux Kernel | >=4.20<5.4.190 | |
| Linux Kernel | >=5.5<5.10.112 | |
| Linux Kernel | >=5.11<5.15.35 | |
| Linux Kernel | >=5.16<5.17.4 | |
| Linux Kernel | =5.18-rc1 | |
| Linux Kernel | =5.18-rc2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/3e582749e742e662a8e9bb37cffac62dccaaa1e2
- https://git.kernel.org/stable/c/1316c28569a80ab3596eeab05bf5e01991e7e739
- https://git.kernel.org/stable/c/eb5f51756944735ac70cd8bb38637cc202e29c91
- https://git.kernel.org/stable/c/22d658c6c5affed10c8907e67160cef0b6c92186
- https://git.kernel.org/stable/c/4e166a41180be2f1e66bbb6d46448e80a9a5ec05
- https://git.kernel.org/stable/c/9901b07ba42b39266b34a888e48d7306fd707bee
- https://git.kernel.org/stable/c/515e7ba11ef043d6febe69389949c8ef5f25e9d0
- https://git.kernel.org/stable/c/64c4a37ac04eeb43c42d272f6e6c8c12bfcf4304
Frequently Asked Questions
What is the severity of CVE-2022-49058?
CVE-2022-49058 is considered a high severity vulnerability due to the potential for a buffer overflow.
How do I fix CVE-2022-49058?
To fix CVE-2022-49058, update the Linux kernel to the latest patched version that addresses this vulnerability.
What software is affected by CVE-2022-49058?
CVE-2022-49058 affects multiple versions of the Linux Kernel, specifically versions between 2.6.37 and 5.18-rc2.
What types of exploits can CVE-2022-49058 enable?
CVE-2022-49058 can enable remote attackers to potentially execute arbitrary code or escalate privileges via crafted symlinks.
Is CVE-2022-49058 being actively exploited in the wild?
As of now, there is no public information indicating that CVE-2022-49058 is being actively exploited in the wild.
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/type
- agent/author
- agent/title
- agent/references
- agent/source
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- collector/nvd-api
- source/NVD
- agent/severity
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.37
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/5.18-rc1
- version/linux kernel/5.18-rc2