CVE-2022-37966
Publication date 9 November 2022
Last updated 19 September 2025
Ubuntu priority
CVSS 3 Severity Score
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
Status
Package | Ubuntu Release | Status |
---|---|---|
samba | 25.04 plucky | Fixed 2:4.17.5+dfsg-2ubuntu1 |
samba | 24.04 LTS noble | Fixed 2:4.17.5+dfsg-2ubuntu1 |
samba | 22.04 LTS jammy | Fixed 2:4.15.13+dfsg-0ubuntu1 |
samba | 20.04 LTS focal | Fixed 2:4.15.13+dfsg-0ubuntu0.20.04.1 |
samba | 18.04 LTS bionic | Ignored (see notes) |
samba | 16.04 LTS xenial | Ignored (see notes) |
samba | 14.04 LTS trusty | Vulnerable |
Notes
mdeslaur
commits come after CVE-2022-38023 and CVE-2022-45141.
The focal samba update was temporarily reverted by USN 5822-2 because it introduced regressions. It was later updated again with USN 5936-1.
leosilva
The proposed fixes require substantial architectural changes that are beyond what is possible with the old samba codebase in bionic and earlier releases. It is also unfeasible to update the samba package due to dependency constraints. As such, we will not be releasing updates for this issue, and are marking the entries as ignored. As a mitigation alternative, we recommend that customers running samba on these releases properly firewall samba connections from trusted machines only.
Severity score breakdown
Parameter | Value |
---|---|
Base score | |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-5822-1: Samba vulnerabilities (24 January 2023)
- USN-5936-1: Samba vulnerabilities (8 March 2023)