Linux Kernel Vulnerability - A New Security Flaw Discovered in Linux 5.15 SMB3 Server

A new Linux Kernel Vulnerability has been disclosed by the Zero Day Initiative (ZDI) that could lead to code execution in the context of the kernel. The security flaw is a bug in the new Linux 5.15 SMB3 server, ksmbd. The ZDI initially released the vulnerability with a CVSS score of 10, though it now sits at 9.6.

What is the Threat?

The Linux kernel is the main component of a Linux operating system, responsible for the communication between the computer hardware and its processes. Unlike Samba, the more widely used Server Message Block (SMB) server, ksmbd operates inside the kernel. This vulnerability could result in an attacker executing code or disclosing sensitive information on affected Linux kernel versions. According to ZDI, the specific bug relates to the handling of SMB2_WRITE commands.

Why is it Noteworthy?

Attacks that take advantage of security flaws in SMB can be devastating. SMB is a widely used protocol for file and printer sharing and remote access on Windows and Linux, making it an attractive target for self-propagating malware and ransomware. For example, in 2017, WannaCry utilized an SMB vulnerability to infect an estimated 300,000 machines. Other notable attacks include NotPetya, Emotet, and TrickBot.

What is the Exposure or Risk?

While it may not be as popular as the Linux Samba server, ksmbd is still in use by organizations. Developed by Samsung, it is designed to deliver fast SMB3 file-serving performance. Any Linux distribution running the ksmbd server on kernel 5.15 is potentially vulnerable. This includes multiple versions of Ubuntu and Deepin.

What are the Recommendations?

Enterprotect recommends the following actions to ensure your protection:

• Upgrade any affected Linux kernel versions immediately.
• If running the ksmbd server, you can check the kernel version by running the following command: $ uname -r
• If the Linux kernel is 5.15 or above, upgrade to 5.15.61 immediately.
• Review the update from Linux for an example of what the bug can look like.
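The check above combines two facts: whether ksmbd is actually loaded on the host, and whether the running kernel is a 5.15 release older than the 5.15.61 fix. The POSIX shell script below is an added example written for this page, not a tool from Enterprotect, ZDI or the kernel project; it assumes that a loaded ksmbd module is visible as /sys/module/ksmbd or in lsmod output, and it treats only 5.15.y with y below 61 as affected, following the advisory's recommendation.

```shell
#!/bin/sh
# Added example (not from the advisory): is this host exposed to the ksmbd
# SMB2_WRITE bug?  Exposed = ksmbd loaded AND kernel is 5.15.y with y < 61.

# Return 0 (true) when a kernel release string such as "5.15.0-56-generic"
# or "5.15.60" is in the affected range; the distro suffix after the first
# '-' is ignored and a missing patch level is treated as 0.
ksmbd_kernel_affected() {
    rel="$1"
    base="${rel%%-*}"                   # "5.15.0-56-generic" -> "5.15.0"
    major="${base%%.*}"                 # "5"
    rest="${base#*.}"                   # "15.0"
    minor="${rest%%.*}"                 # "15"
    patch="${rest#*.}"                  # "0"
    [ "$patch" = "$rest" ] && patch=0   # "5.15" has no patch level at all
    patch="${patch%%[!0-9]*}"           # keep leading digits only
    [ -z "$patch" ] && patch=0
    [ "$major" = 5 ] && [ "$minor" = 15 ] && [ "$patch" -lt 61 ]
}

# Return 0 when the ksmbd module is loaded on this host (assumption: either
# the sysfs directory exists or lsmod lists the module by name).
ksmbd_loaded() {
    [ -d /sys/module/ksmbd ] && return 0
    lsmod 2>/dev/null | grep -q '^ksmbd[[:space:]]'
}

# One-line verdict for the running host, built from the two checks above.
ksmbd_check_host() {
    rel="$(uname -r)"
    if ! ksmbd_loaded; then
        echo "ksmbd not loaded on kernel $rel: not exposed via ksmbd"
    elif ksmbd_kernel_affected "$rel"; then
        echo "ksmbd loaded on kernel $rel: affected, upgrade to 5.15.61 or later"
    else
        echo "ksmbd loaded on kernel $rel: kernel not in the affected 5.15 range"
    fi
}

# Usage: sh ksmbd_check.sh
ksmbd_check_host
```

Run it as root or via sudo so that lsmod and sysfs are readable; a host that reports "not exposed via ksmbd" may still be serving SMB through Samba, which this bug does not affect.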
