Critical Linux flaw affects SMB servers with ksmbd enabled

A critical Linux kernel vulnerability exposes SMB servers that have ksmbd enabled.


KSMBD is a Linux kernel server that implements the SMB3 protocol for sharing files over the network. An unauthenticated, remote attacker can execute arbitrary code on these vulnerable Linux installations.

This vulnerability allows to remote attackers to execute arbitrary code on affected Linux Kernel installations. No authentication is required to exploit this vulnerability. Nevertheless only systems with ksmbd enabled are vulnerable.

The specific flaw exists in the processing of SMB2_TREE_DISCONNECT commands. The problem arises from the lack of validation of the existence of an object, before performing operations on the object.

The vulnerability was discovered on July 26, 2022 by researchers Arnaud Gatignol, Quentin Minster, Florent Saudel, Guillaume Teissier from the Thalium team of the Thales Group. The flaw was publicly disclosed on December 22, 2022.

Researcher Shir Tamari, he mentioned that servers running Samba are not affected. Conversely SMB servers using ksmbd are vulnerable. This is considered good news as most users are still using Samba and thus are not concerned about the issue. It only affects those running SMB servers with ksmbd. The Best Technology Site in Greece
Follow us on Google News

linux, kernel, ksmdb, samba

Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).