CHK NVD : CVE-2022-47940 - 7b15684c

[witchcraze]

[CVE Configuration Update Request] Update Suggestion - CVE-2022-47940 - Cvss3 : 8.1

https://www.linuxkernelcves.com/cves/CVE-2022-47940 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2022-47940.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2022-47940.json

- CVE-2022-47940
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.18.0 up to (excluding) 5.18.18
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.19.0 up to (excluding) 5.19
- Reference
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.18.18
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.19
- Reference (Commit)
  - ksmbd: validate length in smb2_write()
    - Fixed by
      - 5.18.18 (61eb8b5368006fe0be0f6b1e2dff3ab284db256f)
      - 5.19 (158a66b245739e15858de42c0ba60fcf3de9b8e6) (upstream)
    - Will be introduced by
      - 5.15 (e2f34481b24d)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX

https://nvd.nist.gov/vuln/detail/CVE-2022-47940	URI	Start(Ex)	Start(Inc)	End(Ex)	End(Inc)
cpe:/o:linux:linux_kernel	5.15	5.18.8

[witchcraze]

ok