CVE-2022-49366

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49366
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49366.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-49366
Published
2025-02-26T02:11:11Z
Modified
2025-10-14T22:23:27.423195Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
ksmbd: fix reference count leak in smb_check_perm_dacl()
Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix reference count leak in smb_check_perm_dacl()

The issue happens in a specific path in smb_check_perm_dacl(). When "id" and "uid" have the same value, the function simply jumps out of the loop without decrementing the reference count of the object "posix_acls", which is increased by get_acl() earlier. This may result in memory leaks.

Fix it by decreasing the reference count of "posix_acls" before jumping to label "check_access_bits".

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
777cad1604d68ed4379ec899d1f7d2f6a29f01f0
Fixed
cf824b95c12a1abacadbc2d069931963221a3414
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
777cad1604d68ed4379ec899d1f7d2f6a29f01f0
Fixed
248d71b440aef829f5cc5f6545ca113ef5062900
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
777cad1604d68ed4379ec899d1f7d2f6a29f01f0
Fixed
9758a6653c27867d810de02b4e5697163dda9883
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
777cad1604d68ed4379ec899d1f7d2f6a29f01f0
Fixed
d21a580dafc69aa04f46e6099616146a536b0724

Affected versions

v5.*

v5.13
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.17.1
v5.17.10
v5.17.11
v5.17.12
v5.17.13
v5.17.14
v5.17.2
v5.17.3
v5.17.4
v5.17.5
v5.17.6
v5.17.7
v5.17.8
v5.17.9
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.18.2
v5.18.3

Database specific


Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
5.15.47
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.17.15
Type
ECOSYSTEM
Events
Introduced
5.18.0
Fixed
5.18.4