CVE-2022-49058

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-49058
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49058.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49058
Downstream
Related
Published
2025-02-26T01:54:29.195Z
Modified
2026-03-20T12:22:08.419365Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
cifs: potential buffer overflow in handling symlinks
Details

In the Linux kernel, the following vulnerability has been resolved:

cifs: potential buffer overflow in handling symlinks

Smatch printed a warning: arch/x86/crypto/poly1305glue.c:198 poly1305update_arch() error: __memcpy() 'dctx->buf' too small (16 vs u32max)

It's caused because Smatch marks 'linklen' as untrusted since it comes from sscanf(). Add a check to ensure that 'linklen' is not larger than the size of the 'link_str' buffer.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49058.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c69c1b6eaea1b3e1eecf7ad2fba0208ac4a11131
Fixed
3e582749e742e662a8e9bb37cffac62dccaaa1e2
Fixed
1316c28569a80ab3596eeab05bf5e01991e7e739
Fixed
eb5f51756944735ac70cd8bb38637cc202e29c91
Fixed
22d658c6c5affed10c8907e67160cef0b6c92186
Fixed
4e166a41180be2f1e66bbb6d46448e80a9a5ec05
Fixed
9901b07ba42b39266b34a888e48d7306fd707bee
Fixed
515e7ba11ef043d6febe69389949c8ef5f25e9d0
Fixed
64c4a37ac04eeb43c42d272f6e6c8c12bfcf4304

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49058.json"