A critical Linux kernel vulnerability exposes SMB servers that have ksmbd enabled.
KSMBD is a Linux kernel server that implements the SMB3 protocol for sharing files over the network. An unauthenticated, remote attacker can execute arbitrary code on these vulnerable Linux installations.
This vulnerability allows remote attackers to execute arbitrary code on affected Linux kernel installations. No authentication is required to exploit it. However, only systems with ksmbd enabled are vulnerable.
The specific flaw exists in the processing of SMB2_TREE_DISCONNECT commands. The problem arises because the existence of an object is not validated before operations are performed on it.
The vulnerability was discovered on July 26, 2022 by researchers Arnaud Gatignol, Quentin Minster, Florent Saudel and Guillaume Teissier from the Thalium team of the Thales Group. The flaw was publicly disclosed on December 22, 2022.
Researcher Shir Tamari mentioned that servers running Samba are not affected. Conversely, SMB servers using ksmbd are vulnerable. This is considered good news, as most users are still using Samba and thus are not affected by the issue. It only affects those running SMB servers with ksmbd.
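Since only hosts with ksmbd enabled are affected, the first triage step is to find out whether ksmbd is present on a machine at all. The script below is an added example, not taken from the advisory or the researchers; it assumes the kernel module is named `ksmbd`, that the build option is `CONFIG_SMB_SERVER`, and that the kernel config is stored at `/boot/config-$(uname -r)`, which varies by distribution.

```shell
#!/bin/sh
# Added example: classify a host's ksmbd status from two sources,
# a /proc/modules-format file and a kernel build config file.
# Assumptions: module name "ksmbd", Kconfig symbol CONFIG_SMB_SERVER.

# Succeeds if ksmbd is listed in a /proc/modules-format file ($1).
# The trailing space avoids matching modules that merely start with "ksmbd".
ksmbd_module_loaded() {
    [ -r "$1" ] && grep -q '^ksmbd ' "$1"
}

# Prints builtin, module, disabled or unknown for a kernel config file ($1).
# Sub-options such as CONFIG_SMB_SERVER_SMBDIRECT do not match these patterns.
ksmbd_config_state() {
    if [ ! -r "$1" ]; then
        echo unknown
    elif grep -q '^CONFIG_SMB_SERVER=y$' "$1"; then
        echo builtin
    elif grep -q '^CONFIG_SMB_SERVER=m$' "$1"; then
        echo module
    else
        echo disabled
    fi
}

# Combines both sources ($1 = modules file, $2 = config file) into a verdict:
#   loaded    ksmbd code is in the running kernel
#   builtin   ksmbd is compiled into the kernel image and cannot be unloaded
#   available ksmbd was built as a module but is not currently loaded
#   absent    the kernel was built without ksmbd
#   unknown   the config file could not be read
ksmbd_exposure() {
    if ksmbd_module_loaded "$1"; then
        echo loaded
        return 0
    fi
    case "$(ksmbd_config_state "$2")" in
        builtin)  echo builtin ;;
        module)   echo available ;;
        disabled) echo absent ;;
        *)        echo unknown ;;
    esac
}

# Run against the live system only when asked to: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    echo "ksmbd: $(ksmbd_exposure /proc/modules "/boot/config-$(uname -r)")"
fi
```

A verdict of `loaded` or `builtin` marks a host for patch prioritisation; `available` means the module could still be loaded later and is worth blocking where ksmbd is not needed.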