A high-severity vulnerability has been identified in a Linux server used for sharing files.
Now identified critical vulnerability has CVSS score of 10 and impacts KMBSD enabled servers thereby allowing threat actors to hack a system and execute kernel-level arbitrary code.
KSMBD is a Linux kernel server that allows employees to share files across an internal network.
According to Trend Micro’s Zero Day initiative, the threat actors can exploit the vulnerability to execute kernel-level arbitrary code on the vulnerable systems.
The advisory says that the vulnerability is identified in the processing of
SMB2_TREE_DISCONECT/SMB2_WRITE commands. The issue results from the lack of validating the existence of an object prior to performing operations on the object.
Talking about the vulnerability, Shir Tamari said, since the KSMBD module is not as popular as the Samba suite, the potential impact of the vulnerability may be limited despite its severity. The vulnerability only affects SMB servers using the experimental ksmbd module introduced in Linux 5.15. If your SMB server uses Samba, you’re safe.
Shir Tamari is head of research at Wiz, a cloud security startup.
Meanwhile, admins who use KMBSD must update their software to Linux kernel version 5.15.61 or newer.
Subscribe to our newsletter today for hot and trending Linux News updates from prominent tech industries.