search cancel

API Gateway and ZDI-22-1690 /CVE-2022-47939 vulnerability

book

Article ID: 256804

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

Is API Gateway affected by ZDI-22-1690 / CVE-2022-47939 ?

https://www.zerodayinitiative.com/advisories/ZDI-22-1690/

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT.

Environment

Release : 10.x

Resolution

The API gateway is running a older version of the kernel which is not impacted by  this ZDI vulnerability , also this kernel module is not loaded by default.

see also the redhat article :

https://access.redhat.com/solutions/6991749

Look up for the SMB_SERVER functionality in your kernel:

$ grep SMB_SERVER /boot/config-$(uname -r)
# CONFIG_SMB_SERVER is not set

or

Raw
$ grep SMB_SERVER /boot/config-$(uname -r)
$ <no results>