Sunday, June 15, 2025
HomeLinuxCritical Linux Kernel Vulnerability Let Attackers Execute Arbitrary Code Remotely

Critical Linux Kernel Vulnerability Let Attackers Execute Arbitrary Code Remotely

Published on

SIEM as a Service

Follow Us on Google News

SMB servers that have ksmbd enabled are vulnerable to hacking due to a major Linux kernel vulnerability (CVSS score of 10). 

KSMBD is a Linux kernel server that uses the SMB3 protocol to share files over the network in kernel space. On vulnerable Linux Kernel installations, an unauthenticated, remote attacker can run any programme.

Linux Kernel ksmbd Use-After-Free RCE

Researchers Arnaud Gatignol, Quentin Minster, Florent Saudel, and Guillaume Teissier from the Thalium Team at Thales Group found the vulnerability on July 26, 2022.

- Advertisement - Google News

The problem was made known to the public on December 22, 2022.

“This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable”, according to the advisory published by ZDI.

According to the reports, the SMB2 TREE DISCONNECT command processing is where the exact flaw is found. 

The problem arises from the failure to validate an object’s existence before performing operations on it. By taking advantage of this flaw, an attacker might execute code within the context of the kernel.

SMB servers using Samba are unaffected, according to researcher Shir Tamari, Head of Research at Wiz IO. He also noted that SMB servers using ksmbd are vulnerable to read access, which could cause server memory to leak (similar to the vulnerability Heartbleed).

“ksmbd is new; most users still use Samba and are not affected. Basically, if you are not running SMB servers with ksmbd, enjoy your weekend.” added Tamari.

Hence, IT teams should do an environmental assessment to make sure any potential vulnerabilities are patched using the most recent Linux release.

Managed DDoS Attack Protection for Applications – Download Free Guide

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale

Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...

Credential Abuse: 15-Min Attack Simulation

Credential Abuse Unmasked

Credential abuse is #1 attack vector in web and API breaches today (Verizon DBIR 2025). Join our live, 15-min attack simulation with Karthik Krishnamoorthy (CTO - Indusface) and Phani Deepak Akella (VP of Marketing - Indusface) to see hackers move from first probe to full account takeover.

Discussion points


Username & email enumeration – how a stray status-code reveals valid accounts.
Password spraying – low-and-slow guesses that evade basic lockouts.
Credential stuffing – lightning-fast reuse of breach combos at scale.
MFA / session-token bypass – sliding past second factors with stolen cookies.

More like this

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...

Microsoft Defender Spoofing Flaw Enables Privilege Escalation and AD Access

A newly disclosed spoofing vulnerability (CVE-2025-26685) in Microsoft Defender for Identity (MDI) enables unauthenticated...

Amazon Cloud Cam Flaw Allows Attackers to Intercept and Modify Network Traffic

A critical vulnerability (CVE-2025-6031) has been identified in Amazon Cloud Cam devices, which reached...