Cybercrime , Cybercrime as-a-service , Endpoint Security

Linux Critical Kernel-Level Bug Affects SMB Servers

Vulnerability With CVSS Score of 10 Affects KSMBD-Enabled Servers
Linux Critical Kernel-Level Bug Affects SMB Servers
Source: ISMG

A critical vulnerability in a Linux kernel server used for file sharing may allow attackers to remotely hack into a system with maximum execution privileges.

See Also: 2024 Threat Hunting Report: Insights to Outsmart Modern Adversaries

The vulnerability, which has a CVSS score of 10, affects KSMBD-enabled servers. KSMBD is a Linux kernel server that allows employees to share files across an internal network.

An unauthenticated user could exploit the vulnerability to execute kernel-level arbitrary code on the vulnerable systems, according to Trend Micro's Zero Day Initiative.

Since the KSMBD module is not as popular as the Samba suite, the potential impact of the vulnerability may be limited despite its severity, says Shir Tamari, head of research at Wiz, a cloud security startup. "The vulnerability only affects SMB servers using the experimental ksmbd module introduced in Linux 5.15. If your SMB server uses Samba, you're safe," Tamari says.

The vulnerability is found in the processing of SMB2_TREE_DISCONECT/SMB2_WRITE commands. "The issue results from the lack of validating the existence of an object prior to performing operations on the object," the report says.

Those using KSMBD must update their software to Linux kernel version 5.15.61 or later. The changelog comprises additional details.

This type of vulnerability is classified as a "use-after-free" bug, according to Linux's changelog. Kaspersky defines UAF as a vulnerability related to incorrect use of dynamic memory during program operation. If after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to hack the program.

Tamari compared this vulnerability's exploitation to that of the popular OpenSSL flaw dubbed Heartbleed, from 2014. Heartbleed exposed a flaw in OpenSSL, a cryptographic tool that provides communication security and privacy over the internet for applications such as web, email, instant messaging and some virtual private networks (see: Heartbleed Bug: What You Need to Know).

The bug allowed anyone on the internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software, similar to what the SMB server allows its attackers to do.

The latest kernel-level vulnerability was reported to Linux on July 26 by researchers Arnaud Gatignol, Quentin Minster, Florent Saudel and Guillaume Teissier. They're all members of the Thalium Team, a division of Thales focused on threat intelligence, vulnerability research and red team development.


About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.