
CVE-2022-47941

High

Published: 23 December 2022

Modified: 15 April 2025
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0751 (92.0th percentile)
Risk Priority: 20 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-47941 is a high-severity Missing Release of Memory after Effective Lifetime (CWE-401) vulnerability in the Linux kernel. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 8.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2022-47941 is a memory leak vulnerability (CWE-401) in the ksmbd SMB server component of the Linux kernel, specifically affecting versions 5.15 through 5.19 prior to 5.19.2. The flaw resides in fs/ksmbd/smb2pdu.c where the smb2_handle_negotiate function omits a required kfree call under certain error conditions, allowing allocated memory to persist without release.

Remote attackers with no authentication or user interaction can trigger the leak over the network by sending crafted SMB2 negotiate requests that reach the affected error paths. Successful exploitation leads to gradual memory exhaustion and a denial-of-service condition with high availability impact, as reflected in the CVSS 7.5 score.

The vulnerability was addressed by a one-line fix adding the missing kfree, merged into the mainline kernel as commit aa7253c2393f6dcd6a1468b0792f6da76edad917 and listed in the 5.19.2 changelog. Public references, including the Zero Day Initiative advisory ZDI-22-1687 and the oss-security posting, recommend upgrading to a patched kernel version.
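The bug shape described above, as an added userspace C model that is not the kernel's code or the upstream patch: an error return that skips the free, next to the corrected error path. All names here (model_conn, neg_state, parse_request, negotiate_leaky, negotiate_fixed) are hypothetical, and counting wrappers stand in for the kernel allocator.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: counting wrappers stand in for kzalloc/kfree. */
static long live_allocs;
static void *model_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void model_free(void *p) { if (p) { live_allocs--; free(p); } }

struct model_conn { void *neg_state; };  /* hypothetical per-connection state */

/* Hypothetical validator: rejects requests flagged as malformed. */
static int parse_request(int malformed) { return malformed ? -1 : 0; }

/* Leaky shape: the error return skips the free, so every rejected request
 * strands one allocation that nothing references any more. */
static int negotiate_leaky(struct model_conn *c, int malformed)
{
    c->neg_state = model_alloc(64);
    if (!c->neg_state) return -1;
    if (parse_request(malformed) < 0)
        return -1;                   /* BUG: neg_state is never released */
    return 0;
}

/* Fixed shape: release the buffer and clear the pointer on the error path. */
static int negotiate_fixed(struct model_conn *c, int malformed)
{
    c->neg_state = model_alloc(64);
    if (!c->neg_state) return -1;
    if (parse_request(malformed) < 0) {
        model_free(c->neg_state);
        c->neg_state = NULL;         /* no dangling pointer, no later double free */
        return -1;
    }
    return 0;
}

/* Send n rejected requests through fn; return how many allocations remain. */
static long leaked_after(int (*fn)(struct model_conn *, int), int n)
{
    struct model_conn c = { 0 };
    live_allocs = 0;
    for (int i = 0; i < n; i++)
        fn(&c, 1);
    return live_allocs;
}

int main(void)
{
    printf("leaky: %ld stranded\n", leaked_after(negotiate_leaky, 1000));
    printf("fixed: %ld stranded\n", leaked_after(negotiate_fixed, 1000));
    return 0;
}
```

The stranded count grows linearly with rejected requests in the leaky shape, which is why the impact is availability only and why monitoring kernel memory growth on hosts exposing ksmbd is a reasonable interim check before patching.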

The associated EPSS score has remained flat at its peak value of 0.0751 with no material increase since disclosure.

Vulnerability details

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

linux
linux kernel
5.15 — 5.15.61 · 5.16 — 5.18.18 · 5.19 — 5.19.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
