Security researchers have discovered a critical remote code execution (RCE) vulnerability in ksmbd, the in-kernel Server Message Block (SMB) server shipped in the Linux 5.15 kernel.
KSMBD is a Linux kernel server that implements the SMB3 protocol in kernel space for sharing files over a network. When started, the server daemon starts a forker thread (ksmbd/interface name) at initialization time and opens a dedicated port, 445, to listen for SMB requests.
“This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable,” Zero Day Initiative (ZDI) wrote in an advisory.
“The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the kernel,” ZDI added.
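The bug class ZDI describes, a handler that operates on an object without first confirming it exists, modelled on a toy SMB2 tree-connect table in C. This is an added illustration written for this article, not ksmbd source: the session layout, function names and table size are assumptions; STATUS_NETWORK_NAME_DELETED is the SMB2 status a server returns for a tree that no longer exists.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of an SMB2 session holding tree connections, indexed by
 * the TreeId a client sends in SMB2_TREE_DISCONNECT. Not ksmbd code. */
#define MAX_TCONS 8
#define STATUS_SUCCESS              0x00000000u
#define STATUS_NETWORK_NAME_DELETED 0xC00000C9u  /* tree no longer exists */

struct tree_conn { uint32_t id; char share[32]; };
struct session   { struct tree_conn *tcons[MAX_TCONS]; };

/* SMB2_TREE_CONNECT: allocate a tree connection and return its id (0 = fail). */
uint32_t tree_connect(struct session *s, const char *share)
{
    for (uint32_t i = 1; i < MAX_TCONS; i++) {   /* id 0 is reserved */
        if (s->tcons[i]) continue;
        struct tree_conn *tc = calloc(1, sizeof *tc);
        if (!tc) return 0;
        tc->id = i;
        snprintf(tc->share, sizeof tc->share, "%s", share);
        s->tcons[i] = tc;
        return i;
    }
    return 0;
}

/* Vulnerable pattern: the handler trusts the client-supplied id and acts on
 * whatever the slot holds. An unknown id dereferences NULL, and because the
 * slot is never cleared, a repeated disconnect reaches freed memory. */
uint32_t tree_disconnect_unchecked(struct session *s, uint32_t id)
{
    struct tree_conn *tc = s->tcons[id % MAX_TCONS];
    printf("disconnecting share %s\n", tc->share);  /* no existence check */
    free(tc);
    return STATUS_SUCCESS;
}

/* Hardened handler: check the range, confirm the object exists, and unlink
 * it from the table before freeing so a second disconnect cannot find it. */
uint32_t tree_disconnect_checked(struct session *s, uint32_t id)
{
    if (id == 0 || id >= MAX_TCONS || s->tcons[id] == NULL)
        return STATUS_NETWORK_NAME_DELETED;
    struct tree_conn *tc = s->tcons[id];
    s->tcons[id] = NULL;      /* unlink first, then release */
    free(tc);
    return STATUS_SUCCESS;
}
```

The hardened handler makes a replayed or forged TREE_DISCONNECT a harmless protocol error instead of a kernel memory-safety fault, which is the check the advisory says was missing.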
The vulnerability has a CVSS score of 10.0, but no CVE has yet been assigned to it.
The Linux Foundation also issued an update to correct this vulnerability.