Experts warn of a critical Linux kernel vulnerability, rated 10 on the CVSS scale, that affects SMB servers and can lead to remote code execution (RCE).
The vulnerability leaves SMB servers with ksmbd enabled open to compromise (ksmbd is a Linux kernel server that implements the SMB3 protocol in kernel space for file sharing over the network).
The problem lies in incorrect processing of SMB2_TREE_DISCONNECT commands: the code does not check that an object exists before performing operations on it.
An unauthenticated remote attacker can execute arbitrary code on vulnerable Linux kernel installations.
Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable.
The vulnerability was discovered on July 26, 2022 by researchers Arnaud Gatignol, Quentin Minster, Florent Sodel and Guillaume Tessier from the Thales Group team, and was publicly disclosed on December 22, 2022.
Researcher Shir Tamari from Wiz_IO noted that SMB servers using Samba are not affected, adding that SMB servers using ksmbd are vulnerable to read access, which can lead to a server memory leak (similar to the Heartbleed vulnerability).
Due to the novelty of ksmbd, most users still use Samba.
Administrators who do use ksmbd are advised to update the Linux kernel to version 5.15.61 or later, released in August.
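
A host-side check for the two conditions named above, a loaded ksmbd module and a 5.15 kernel older than 5.15.61, follows as an added example; it is not from the researchers or the kernel project. The function names are illustrative, and the point that ksmbd first shipped in mainline 5.15 is background knowledge rather than something the article states.

```shell
#!/bin/sh
# Added example: exposure check for the ksmbd issue described above.
# The 5.15.61 threshold comes from the article; function names are illustrative.

# ksmbd_loaded [FILE]: succeeds if ksmbd is listed in a /proc/modules-format
# file. A ksmbd compiled into the kernel image is not listed there.
ksmbd_loaded() {
    grep -q '^ksmbd ' "${1:-/proc/modules}" 2>/dev/null
}

# classify_kernel RELEASE: compare a `uname -r` string with 5.15.61.
# Distribution kernels that backport fixes can report "below" while patched,
# so treat that result as "verify against the vendor advisory".
classify_kernel() {
    ver=${1%%[-+]*}                      # drop suffix such as "-56-generic"
    case "$ver" in
        *[!0-9.]*|.*|*.|*..*) echo unparsed; return 0 ;;
        *.*) ;;
        *) echo unparsed; return 0 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$patch" = "$rest" ]; then patch=0; fi   # "6.1" has no patch level
    patch=${patch%%.*}
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 15 ]; }; then
        echo predates-ksmbd              # assumption: ksmbd entered mainline in 5.15
    elif [ "$major" -eq 5 ] && [ "$minor" -eq 15 ]; then
        if [ "$patch" -lt 61 ]; then echo below-5.15.61; else echo 5.15.61-or-later; fi
    else
        echo other-branch                # article names no fixed version for this series
    fi
}

# assess RELEASE MODULES_FILE: one-line summary of both conditions.
assess() {
    if ksmbd_loaded "$2"; then mod=loaded; else mod=not-loaded; fi
    echo "$(classify_kernel "$1") ksmbd=$mod"
}

# Constructed sample (not real host data), then the live host.
sample=$(mktemp) && printf 'ksmbd 200704 0 - Live 0x0\n' > "$sample"
assess 5.15.60 "$sample"; rm -f "$sample"
assess "$(uname -r)" /proc/modules
```

A result of `other-branch` means the article gives no fixed version for that kernel series, so the distribution's advisory is the reference.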