Tuesday, February 18, 2025
HomeLinuxCritical Linux Kernel Vulnerability Let Attackers Execute Arbitrary Code Remotely

Critical Linux Kernel Vulnerability Let Attackers Execute Arbitrary Code Remotely

Published on

SIEM as a Service

Follow Us on Google News

SMB servers that have ksmbd enabled are vulnerable to hacking due to a major Linux kernel vulnerability (CVSS score of 10). 

KSMBD is a Linux kernel server that uses the SMB3 protocol to share files over the network in kernel space. On vulnerable Linux Kernel installations, an unauthenticated, remote attacker can run any programme.

Linux Kernel ksmbd Use-After-Free RCE

Researchers Arnaud Gatignol, Quentin Minster, Florent Saudel, and Guillaume Teissier from the Thalium Team at Thales Group found the vulnerability on July 26, 2022.

The problem was made known to the public on December 22, 2022.

“This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable”, according to the advisory published by ZDI.

According to the reports, the SMB2 TREE DISCONNECT command processing is where the exact flaw is found. 

The problem arises from the failure to validate an object’s existence before performing operations on it. By taking advantage of this flaw, an attacker might execute code within the context of the kernel.

SMB servers using Samba are unaffected, according to researcher Shir Tamari, Head of Research at Wiz IO. He also noted that SMB servers using ksmbd are vulnerable to read access, which could cause server memory to leak (similar to the vulnerability Heartbleed).

“ksmbd is new; most users still use Samba and are not affected. Basically, if you are not running SMB servers with ksmbd, enjoy your weekend.” added Tamari.

Hence, IT teams should do an environmental assessment to make sure any potential vulnerabilities are patched using the most recent Linux release.

Managed DDoS Attack Protection for Applications – Download Free Guide

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Highly Obfuscated .NET sectopRAT Mimic as Chrome Extension

SectopRAT, also known as Arechclient2, is a sophisticated Remote Access Trojan (RAT) developed using...

Threat Actors Trojanize Popular Games to Evade Security and Infect Systems

A sophisticated malware campaign was launched by cybercriminals, targeting users through trojanized versions of...

New Research Aims to Strengthen MITRE ATT&CK for Evolving Cyber Threats

A recent study by researchers from the National University of Singapore and NCS Cyber...

New LLM Vulnerability Exposes AI Models Like ChatGPT to Exploitation

A significant vulnerability has been identified in large language models (LLMs) such as ChatGPT,...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

New LLM Vulnerability Exposes AI Models Like ChatGPT to Exploitation

A significant vulnerability has been identified in large language models (LLMs) such as ChatGPT,...

Juniper Issues Warning About Critical Authentication Bypass Vulnerability

Juniper Networks has issued an urgent security bulletin for its Session Smart Router, Session...

LibreOffice Vulnerabilities Allow Attackers to Write to Files and Extract Data

Two critical vulnerabilities in LibreOffice (CVE-2024-12425 and CVE-2024-12426) expose millions of users to file...