A critical Linux kernel vulnerability exposes SMB servers that have ksmbd enabled.
KSMBD is a Linux kernel server that implements the SMB3 protocol for file sharing over the network. An unauthenticated, remote attacker can execute arbitrary code on these vulnerable Linux installations.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of the Linux kernel. No authentication is required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable.
The specific defect exists in the processing of SMB2_TREE_DISCONNECT commands. The problem arises from the lack of validation that an object exists before operations are performed on it.
The vulnerability was discovered on July 26, 2022 by researchers Arnaud Gatignol, Quentin Minster, Florent Saudel and Guillaume Teissier from the Thalium team of the Thales Group. The flaw was publicly disclosed on December 22, 2022.
Researcher Shir Tamari mentioned that servers running Samba are not affected. Conversely, SMB servers using ksmbd are vulnerable. This is considered good news, as most users are still using Samba and thus are not affected by the issue. It only affects those running SMB servers with ksmbd.
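
Because only hosts with ksmbd enabled are affected, the first triage step is to establish whether the kernel server is present and listening. The script below is an added example, not code from the article or the kernel project: it classifies a host from three inputs in the formats of `/proc/modules`, the kernel config file and `/proc/net/tcp`, using the `ksmbd` module name and the `CONFIG_SMB_SERVER` option; the function names, verdict strings and sample data are made up for illustration.

```shell
#!/bin/sh
# Added example: classify a host's ksmbd exposure. Inputs are file paths so the
# logic can be run on the constructed samples below or on the live /proc files.

# Succeeds if the /proc/modules-format file lists the ksmbd module.
ksmbd_loaded() {
    awk '$1 == "ksmbd" { f = 1 } END { exit !f }' "$1"
}

# Prints y (built in), m (module) or n from CONFIG_SMB_SERVER in a kernel config.
ksmbd_config() {
    v=$(sed -n 's/^CONFIG_SMB_SERVER=\([ym]\)$/\1/p' "$1" | head -n 1)
    echo "${v:-n}"
}

# Succeeds if the /proc/net/tcp-format file has a LISTEN (0A) socket on port 445 (0x01BD).
smb_listening() {
    awk '$4 == "0A" && $2 ~ /:01BD$/ { f = 1 } END { exit !f }' "$1"
}

# ksmbd_exposure MODULES CONFIG TCP -> exposed | present-no-listener | module-not-loaded | not-built
ksmbd_exposure() {
    cfg=$(ksmbd_config "$2")
    if ksmbd_loaded "$1" || [ "$cfg" = y ]; then
        # A 445 listener may also be Samba's smbd; confirm which owns it before acting.
        if smb_listening "$3"; then echo exposed; else echo present-no-listener; fi
    elif [ "$cfg" = m ]; then
        echo module-not-loaded
    else
        echo not-built
    fi
}

# Constructed sample data (not captured from a real host).
make_samples() {
    d=$(mktemp -d)
    printf 'ksmbd 389120 0 - Live 0x0\nnls_utf8 16384 1 - Live 0x0\n' > "$d/mod_loaded"
    printf 'ext4 983040 1 - Live 0x0\n' > "$d/mod_clean"
    printf 'CONFIG_CIFS=m\nCONFIG_SMB_SERVER=m\n' > "$d/cfg_m"
    printf '# CONFIG_SMB_SERVER is not set\n' > "$d/cfg_n"
    printf '  sl  local_address rem_address   st\n   0: 00000000:01BD 00000000:0000 0A\n' > "$d/tcp_445"
    printf '  sl  local_address rem_address   st\n   0: 00000000:0016 00000000:0000 0A\n' > "$d/tcp_ssh"
    echo "$d"
}

d=$(make_samples)
echo "loaded + listener: $(ksmbd_exposure "$d/mod_loaded" "$d/cfg_m" "$d/tcp_445")"
echo "module only:       $(ksmbd_exposure "$d/mod_clean" "$d/cfg_m" "$d/tcp_ssh")"
rm -rf "$d"
```

On a live host the inputs would be `/proc/modules`, the running kernel's config (commonly `/boot/config-$(uname -r)`, a distribution convention assumed here) and `/proc/net/tcp`; run the listener check against `/proc/net/tcp6` as well, which uses the same port and state encoding.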