IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Linux fixes maximum-severity kernel vulnerability

Most businesses running SMB servers are believed to be shielded but one expert likened potential exploits to Heartbleed

Linux has issued an update to address a kernel-level security vulnerability that affected server message block (SMB) servers.

The remote code execution (RCE) flaw allowed unauthenticated users to execute kernel-level code and received the maximum possible severity rating on the common vulnerability reporting system (CVSS).

Related Resource

Six myths of SIEM

Things have changed when it comes to SIEM solutions

Whitepaper cover with black & white birds eye view of a cityscapeFree Download

Most businesses and enterprise users are believed to be safe from any potential exploitation given that the vulnerability only affected the lesser-used KSMBD module rather than the more popular Samba suite.

Specifically, the vulnerability lies in the processing of SMB2_TREE_DISCONNECT commands - packet requests sent by the client to request access to a given share on a server.

“The issue results from the lack of validating the existence of an object prior to performing operations on the object,” read the public advisory posted by the Zero Day Initiative (ZDI). “An attacker can leverage this vulnerability to execute code in the context of the kernel.”

The type of vulnerability is classified as a ‘use-after-free’ flaw and these are somewhat common in software, albeit severe, since they often allow for code execution and replacement.

Use-after-free vulnerabilities relate to issues in the allocation of dynamic memory in applications.

Dynamic memory involves continuous reallocation of blocks of data within a program and when headers don't properly check which sections of dynamic memory are available for allocation, it can allow an attacker to place their own code where data has been cleared.

Security researcher Shir Tamari likened the ramifications of a potential exploit - the leaking of a server’s memory - to that of Heartbleed, the 2014 vulnerability that allowed users to view data on any website using OpenSSL.

“KSMBD is new; most users still use Samba and are not affected,” he added. “Basically, if you are not running SMB servers with KSMBD, enjoy your weekend.”

According to the ZDI, the issue was discovered by a quartet of researchers working at the Thalium Team, a division of Thales focused on threat intelligence, vulnerability research, and red team development.

The researchers alerted the Linux Foundation to the flaw on 26 July 2022 and the coordinated public disclosure was released on Thursday.

Before the Holiday break, IT teams should audit their environments to ensure any potential exposures are updated to the latest Linux version. More details can be found in the official changelog.

Featured Resources

2023 Strategic roadmap for data security platform convergence

Capitalise on your data and share it securely using consolidated platforms

Free Download

The 3D trends report

Presenting one of the most exciting frontiers in visual culture

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

Leverage automated APM to accelerate CI/CD and boost application performance

Constant change to meet fast-evolving application functionality

Free Download

Recommended

Meta passes PyTorch ownership to Linux Foundation in a bid to improve transparency
open source

Meta passes PyTorch ownership to Linux Foundation in a bid to improve transparency

13 Sep 2022
Best Linux distros 2022
operating systems

Best Linux distros 2022

25 Jul 2022
What is open source?
Software

What is open source?

30 Jun 2022
Best Linux file managers 2022: Customise your workflows
Linux

Best Linux file managers 2022: Customise your workflows

17 May 2022

Most Popular

Yandex data breach reveals source code littered with racist language
data breaches

Yandex data breach reveals source code littered with racist language

30 Jan 2023
Dutch hacker steals data from virtually entire population of Austria
data breaches

Dutch hacker steals data from virtually entire population of Austria

26 Jan 2023
What's powering Britain’s fibre broadband boom?
Network & Internet

What's powering Britain’s fibre broadband boom?

3 Feb 2023