Critical Linux Kernel Vulnerability Affects SMB Servers

Sienna Rowley
Sienna is an editor at Cloud Host News. She is an internet enthusiast, always eager to explore the latest trend in the tech space. She is a modest family woman who loves traveling in her free time.

A high-severity vulnerability has been identified in a Linux server used for sharing files.

The newly identified critical vulnerability has a CVSS score of 10 and impacts KSMBD-enabled servers, allowing threat actors to compromise a system and execute arbitrary code at kernel level.

KSMBD is a Linux kernel server that allows employees to share files across an internal network.

According to Trend Micro’s Zero Day Initiative, threat actors can exploit the vulnerability to execute kernel-level arbitrary code on vulnerable systems.

The advisory says that the vulnerability is identified in the processing of SMB2_TREE_DISCONNECT/SMB2_WRITE commands. The issue results from the lack of validating the existence of an object prior to performing operations on the object.

Talking about the vulnerability, Shir Tamari said that since the KSMBD module is not as popular as the Samba suite, the potential impact of the vulnerability may be limited despite its severity. The vulnerability only affects SMB servers using the experimental ksmbd module introduced in Linux 5.15. If your SMB server uses Samba, you’re safe.

Shir Tamari is head of research at Wiz, a cloud security startup.

Meanwhile, admins who use KSMBD must update their software to Linux kernel version 5.15.61 or newer.
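A first-pass triage of a host against the two conditions above (ksmbd introduced in Linux 5.15, fix in 5.15.61 or newer), as an added example that is not from the article or the advisory. The function names `ver_lt` and `ksmbd_status` and the status strings are hypothetical; distribution kernels often backport fixes without changing the base version, so a `vulnerable-update-kernel` result should be confirmed against the vendor's advisory.

```shell
#!/bin/sh
# Added triage example; thresholds are the ones stated in the article:
# ksmbd first shipped in Linux 5.15, and the fix is in 5.15.61 or newer.

# ver_lt A B: succeed if dotted version A sorts strictly before B.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" |
         sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$1" ]
}

# ksmbd_status RELEASE MODULES_FILE
#   RELEASE:      kernel release string as printed by `uname -r`
#   MODULES_FILE: file in /proc/modules format (one module per line)
# Note: a ksmbd built into the kernel image does not appear in
# /proc/modules, so "not-loaded" only covers the loadable-module case.
ksmbd_status() {
    # Keep the leading numeric x.y[.z]; distro suffixes are dropped.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)\{0,1\}\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return; }
    case "$ver" in *.*.*) ;; *) ver="$ver.0" ;; esac

    if ver_lt "$ver" 5.15.0; then
        echo not-affected-no-ksmbd      # kernel predates the module
    elif ! grep -q '^ksmbd ' "$2" 2>/dev/null; then
        echo not-loaded                 # module is not running on this host
    elif ver_lt "$ver" 5.15.61; then
        echo vulnerable-update-kernel   # ksmbd active on a pre-fix version
    else
        echo loaded-patched-version     # ksmbd active, version at or past fix
    fi
}

# Report for the local host.
ksmbd_status "$(uname -r)" /proc/modules
```
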
