Linux Kernel Use-After-Free RCE Vulnerability Let Attackers Execute Arbitrary Code
The vulnerability has a CVSS score of 10.00 and affects SMB servers that have KSMBD enabled.
Linux recently released an emergency security patch to fix a critical-severity, kernel-level vulnerability.
Linux Kernel ksmbd Use-After-Free RCE Flaw
Remote attackers can exploit this vulnerability to execute arbitrary code on affected Linux kernel installations. Only systems with ksmbd enabled are vulnerable, and authentication is not required to exploit it.
The flaw could also lead to leakage of server memory. SMB servers that use Samba instead of ksmbd are not affected.
Vulnerability only affects SMB servers using the experimental ksmbd module (Intro'd in Linux 5.15). If your SMB server uses Samba, you're safe. If it uses ksmbd, an attacker with read access could leak your server's memory (similar to Heartbleed). https://t.co/xw7eOlJo8Q
— Shir Tamari (@shirtamari) December 22, 2022
The flaw is triggered by causing SMB2_TREE_DISCONNECT commands to be reprocessed. The issue arises because no validation is performed before operating on an object: the code fails to verify that the object still exists.
Successful exploitation can allow an attacker to execute code in the context of the kernel.
Vulnerabilities of this type are classified as 'use-after-free' flaws. Among the many types of software flaws, this one appears to be the most common.
A use-after-free vulnerability occurs when an application continues to use dynamically allocated memory after it has been freed, allowing that memory to be misused.
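The failure pattern described above, as an added illustration that is not the kernel's own code: a constructed C model of a session that owns tree connections, with a disconnect handler that trusts a cached pointer (the vulnerable pattern) beside one that re-validates the tree id against the session table and clears the cached reference (the hardened pattern). The struct names, the tree id 7 and the `freed` poison flag are assumptions of the model, not ksmbd internals.

```c
#include <stddef.h>
/* Constructed model of a session owning SMB tree connections (assumed structures, not
 * ksmbd's code); `freed` stands in for slab poisoning so reuse is observable, not UB. */
#define MAX_TCONS 4
struct tree_conn { unsigned int id; int freed; };
struct session   { struct tree_conn *tcons[MAX_TCONS]; };
/* Per-request context: tree id from the request header plus the cached lookup result. */
struct work { struct session *sess; unsigned int tree_id; struct tree_conn *tcon; };
static struct tree_conn *tree_lookup(struct session *s, unsigned int id)
{
    for (int i = 0; i < MAX_TCONS; i++)
        if (s->tcons[i] && s->tcons[i]->id == id) return s->tcons[i];
    return NULL;                       /* session no longer holds this connection */
}
static void tree_release(struct session *s, struct tree_conn *t)
{
    for (int i = 0; i < MAX_TCONS; i++)
        if (s->tcons[i] == t) s->tcons[i] = NULL;
    t->freed = 1;                      /* model only: real code would free() here */
}

/* Vulnerable pattern: operates on the cached pointer with no check that the object still
 * exists and leaves it dangling, so a reprocessed TREE_DISCONNECT hits freed memory (-2). */
static int tree_disconnect_vuln(struct work *w)
{
    struct tree_conn *t = w->tcon;
    if (t->freed) return -2;           /* the poison check is the model's KASAN stand-in */
    tree_release(w->sess, t);
    return 0;
}

/* Hardened pattern: re-validate against the session table, release once, and clear the
 * cached reference so a second disconnect is rejected instead of dereferenced. */
static int tree_disconnect_fixed(struct work *w)
{
    struct tree_conn *t = tree_lookup(w->sess, w->tree_id);
    if (!t) return -1;
    tree_release(w->sess, t);
    w->tcon = NULL;
    return 0;
}

/* One connect, then the same disconnect twice; returns the second handler's result. */
static int replay_double_disconnect(int (*handler)(struct work *))
{
    struct tree_conn obj = { .id = 7 };
    struct session s = { .tcons = { &obj } };
    struct work w = { .sess = &s, .tree_id = 7, .tcon = &obj };
    handler(&w);
    return handler(&w);
}
```

In a real kernel the second call in the vulnerable path is a read of freed slab memory, which is what KASAN reports and what the poison flag makes visible here.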
Flaw Profile
- CVE ID: NA
- CVSS SCORE: 10.0, (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
- DESCRIPTION: Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability
- AFFECTED VENDORS: Linux
- AFFECTED PRODUCTS: Kernel
- DISCLOSURE TIMELINE:
  - 2022-07-26 – Vulnerability reported to vendor
  - 2022-12-22 – Coordinated public release of advisory
However, most users are likely unaffected, since KSMBD is new and most deployments still use Samba. In short, there is no cause for concern if you are not running a KSMBD server on your SMB network.
IT teams should assess their active networks to make sure the latest Linux kernel version is in use and all known vulnerabilities are patched.
Source: cybersecuritynews.com