Linux Kernel ksmbd zero-day disclosed
Target Industry
Indiscriminate and opportunistic targeting.
Overview
The vulnerability is being tracked as two different Common Vulnerabilities and Exposures (CVE) entries, summarised separately below.
First CVE – remote code execution
Severity level: Critical – Exploitation is likely to lead to further malicious activity given the Common Vulnerability Scoring System (CVSS) score of 10 and the nature of the vulnerability.
This vulnerability is a remote code execution (RCE) vulnerability allowing attackers to execute arbitrary code on Linux-based machines with ksmbd enabled. ksmbd is an experimental implementation of the SMB3 protocol.
Second CVE – information disclosure
Severity level: Critical – Exploitation is likely to lead to further malicious activity given the Common Vulnerability Scoring System (CVSS) score of 9.6 and the nature of the vulnerability. Attackers can leverage this vulnerability in conjunction with others to execute remote code.
This vulnerability allows attackers to extract sensitive information and affects machines with the ksmbd component enabled. ksmbd is the Linux kernel implementation of the SMB3 protocol.
The Linux kernel maintainers have issued an update to correct the vulnerability, which is detailed in the kernel change log.
Impact
Given the high severity of the vulnerability, the projected impact is severe and can affect any Linux machine with ksmbd enabled.
Vulnerability Detection
The Linux kernel maintainers were made aware of the vulnerability on 26th July 2022, with a patch introduced on 28th July 2022. The commit ID of the patch is a54c509c32adba9d136f2b9d6a075e8cae1b6d27 and the details can be found in the Linux kernel change logs.
The latest kernel version of 5.15.61 has reportedly patched this vulnerability.
Affected Products
Linux Kernel versions 5.15.61 and older.
Containment, Mitigations & Remediations
It is strongly recommended that customers who host infrastructure on Linux devices update the kernel to version 5.15.62 or newer.
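To turn the remediation advice above into a check that can be run on a fleet, the following POSIX shell script is an added example (not part of the advisory and not a tool from the kernel project). It compares the running kernel's version string against the 5.15.62 threshold named in this advisory and reports whether the ksmbd module is currently loaded, reading a /proc/modules-style file so the same check can be exercised against constructed input. The helper names (`version_cmp`, `kernel_status`, `ksmbd_listed`, `report`) are this example's own.

```shell
#!/bin/sh
# Added example: offline host check for the ksmbd advisory.
# Assumption: the "patched from 5.15.62" threshold is taken from the advisory text;
# any version string below it is reported as vulnerable per that advisory.

# version_cmp A B: succeed (exit 0) if A >= B, comparing MAJOR.MINOR.PATCH
# field by field. A trailing "-suffix" (e.g. "-generic", "-rc1") is ignored.
version_cmp() {
    a=${1%%-*}
    b=${2%%-*}
    oldifs=$IFS
    IFS=.
    set -- $a
    a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
    set -- $b
    b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
    IFS=$oldifs
    if [ "$a1" -ne "$b1" ]; then [ "$a1" -gt "$b1" ]; return; fi
    if [ "$a2" -ne "$b2" ]; then [ "$a2" -gt "$b2" ]; return; fi
    [ "$a3" -ge "$b3" ]
}

# kernel_status VERSION: print "patched" or "vulnerable" for a kernel version
# string such as the output of `uname -r`.
kernel_status() {
    if version_cmp "$1" 5.15.62; then
        echo patched
    else
        echo vulnerable
    fi
}

# ksmbd_listed [FILE]: succeed if the ksmbd module appears in a /proc/modules-style
# file (defaults to the live /proc/modules). Each line there starts with the
# module name followed by a space.
ksmbd_listed() {
    grep -q '^ksmbd ' "${1:-/proc/modules}" 2>/dev/null
}

# report: one-line summary for the host this script runs on.
report() {
    running=$(uname -r)
    echo "kernel $running: $(kernel_status "$running") (per advisory threshold 5.15.62)"
    if ksmbd_listed; then
        echo "ksmbd module: loaded"
    else
        echo "ksmbd module: not loaded (or not present as a loadable module)"
    fi
}

report
```

Two caveats when reading the output: distribution kernels frequently backport fixes without changing the upstream version number, so a "vulnerable" verdict from the version string alone should be confirmed against the distribution's own advisory, and ksmbd can be built into the kernel rather than loaded as a module, in which case it will not appear in /proc/modules even though it is present.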
Indicators of Compromise
An unexpected SMB2 or SMB3 write request carrying a large amount of malformed data sent to the machine could indicate an attempt to exploit this vulnerability.
Threat Landscape
SMB3 is the latest version of the SMB protocol and is used to share files across a network. The protocol is widely implemented on Windows devices, and also on Linux devices through the ksmbd component.
MITRE Methodologies
TA0002 – Execution