Linux Kernel Use-After-Free RCE Vulnerability Let Attackers Execute Arbitrary Code

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer


Linux recently released an emergency security patch to fix a critical-severity vulnerability in the kernel.

This vulnerability has a CVSS score of 10.00 and affects SMB servers that have KSMBD enabled. KSMBD is a file server that runs in Linux kernel space and shares files over the network using the SMB3 protocol.

Linux Kernel ksmbd Use-After-Free RCE Flaw

Remote attackers can exploit this vulnerability to execute arbitrary code on affected Linux kernel installations. Only systems that have ksmbd enabled are vulnerable, and authentication is not required to exploit it.

It could also lead to the leakage of server memory. SMB servers that use Samba are not affected by this vulnerability.

The specific bug appears in the way SMB2_TREE_DISCONNECT commands are processed. The issue results from the failure to validate the existence of an object before performing operations on it.

By exploiting it, an attacker can execute code in the context of the kernel.

Vulnerabilities of this type are classified as 'use-after-free' flaws. Among the many types of software flaws, this one seems to be the most common.

A use-after-free vulnerability occurs when an application misuses dynamically allocated memory by continuing to use it after it has been freed.

Flaw Profile

  • CVE ID: NA
  • CVSS SCORE: 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
  • DESCRIPTION: Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability
  • AFFECTED VENDORS: Linux
  • AFFECTED PRODUCTS: Kernel
  • DISCLOSURE TIMELINE:
      • 2022-07-26 – Vulnerability reported to vendor
      • 2022-12-22 – Coordinated public release of advisory

However, it seems that most users are not affected, since KSMBD is new and most users still use Samba. In short, there is no need to worry if you are not running a KSMBD server on your network.

It is important for IT teams to assess their active networks to make sure the latest Linux version is in use and all potential vulnerabilities are patched.
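
Because only systems with ksmbd enabled are affected, a first triage step is to find out whether ksmbd is present on a host at all. The following shell function is an added example, not code from the original article or from the kernel project; the default file paths, the state names it prints, and the `install ksmbd /bin/false` modprobe convention it looks for are assumptions.

```shell
#!/bin/sh
# Added example: classify this host's ksmbd exposure from kernel interfaces.
# File paths are parameters so saved copies from other hosts can be checked.

# ksmbd_state [MODULES_FILE] [KCONFIG_FILE] [MODPROBE_DIR]
# Prints one of: loaded | builtin | blocked | loadable | not-built | unknown
ksmbd_state() {
    modules_file=${1:-/proc/modules}
    kconfig_file=${2:-/boot/config-$(uname -r)}   # common distro location (assumption)
    modprobe_dir=${3:-/etc/modprobe.d}

    # /proc/modules lists loaded modules; the first field is the module name.
    if [ -r "$modules_file" ] &&
       awk '$1 == "ksmbd" { hit = 1 } END { exit !hit }' "$modules_file"; then
        echo loaded
        return 0
    fi

    # Without the build config we cannot tell whether ksmbd was compiled at all.
    if [ ! -r "$kconfig_file" ]; then
        echo unknown
        return 0
    fi

    # CONFIG_SMB_SERVER is the Kconfig symbol that builds ksmbd.
    case $(sed -n 's/^CONFIG_SMB_SERVER=//p' "$kconfig_file") in
        y) echo builtin ;;   # compiled in, so it never appears in /proc/modules
        m)
            # "install ksmbd /bin/false" makes modprobe run that command instead
            # of loading the module; "blacklist" alone does not stop an
            # explicit modprobe.
            if grep -Eqs \
                '^[[:space:]]*install[[:space:]]+ksmbd[[:space:]]+/(usr/)?bin/(false|true)' \
                "$modprobe_dir"/*.conf; then
                echo blocked
            else
                echo loadable
            fi ;;
        *) echo not-built ;;
    esac
}

ksmbd_state "$@"
```

A result of `loaded` or `builtin` means the host should be prioritized for the patched kernel; `unknown` means the build config was not found at the assumed path and the check has to be done another way.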
