A critical remote code execution vulnerability (CVE-2022-47939) has been identified in the
ksmbd module of the Linux kernel.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable
what is KSMBD ?
KSMBD is an open-source In-kernel CIFS/SMB3 server created by Namjae Jeon for Linux Kernel. It’s an implementation of SMB/CIFS protocol in kernel space for sharing files and IPC services over the network. Initially, the target is to provide improved file I/O performances, but the bigger goal is to have some new features which are much easier to develop and maintain inside the kernel and expose the layers fully.
The vulnerability lies in the
ksmbd module, an in-kernel SMB file server that was introduced in Linux 5.15 release on August 29, 2021.
Potential attackers could exploit the security vulnerability found in the Linux kernel’s SMB2_TREE_DISCONNECT commands to trigger to execute code remotely on vulnerable Linux machines.
The three vulnerabilities can lead to information leaks and denials of service:
- ZDI-22-1691 (CVSS score: 9.6): Linux Kernel ksmbd Out-Of-Bounds Read Information Disclosure Vulnerability
- ZDI-22-1689 (CVSS score: 6.5): Linux Kernel ksmbd Out-Of-Bounds Read Denial-of-Service Vulnerability
- ZDI-22-1687 (CVSS score: 5.3): Linux Kernel ksmbd Memory Exhaustion Denial-of-Service Vulnerability
.To protect against exploitation of this vulnerability, it is advised to update to this version or a later one in order to fully mitigate the risk.
Keeping your system up to date with the latest security patches is always a good practice to ensure the safety and security of your system.