out-of-bounds read memory can be written to a file, if DataOffset is 0 and Length is too large in SMB2_WRITE request of compound request in fs/ksmbd/smb2misc.c can allow a remote authenticated attacker to disclose sensitive information
out-of-bounds read memory can be written to a file, if DataOffset is 0 and Length is too large in SMB2_WRITE request of compound request in fs/ksmbd/smb2misc.c can allow a remote authenticated attacker to disclose sensitive information
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ac60778b87e45576d7bfdbd6f53df902654e6f09 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 https://kernel.dance/#CVE-2022-47943 https://www.zerodayinitiative.com/advisories/ZDI-22-1691/