Linux fixes maximum-severity kernel vulnerability
Most businesses running SMB servers are believed to be shielded but one expert likened potential exploits to Heartbleed
Linux has issued an update to address a kernel-level security vulnerability that affected server message block (SMB) servers.
The remote code execution (RCE) flaw allowed unauthenticated users to execute kernel-level code and received the maximum possible severity rating on the common vulnerability reporting system (CVSS).
Six myths of SIEM
Things have changed when it comes to SIEM solutionsFree Download
Most businesses and enterprise users are believed to be safe from any potential exploitation given that the vulnerability only affected the lesser-used KSMBD module rather than the more popular Samba suite.
Specifically, the vulnerability lies in the processing of SMB2_TREE_DISCONNECT commands - packet requests sent by the client to request access to a given share on a server.
“The issue results from the lack of validating the existence of an object prior to performing operations on the object,” read the public advisory posted by the Zero Day Initiative (ZDI). “An attacker can leverage this vulnerability to execute code in the context of the kernel.”
The type of vulnerability is classified as a ‘use-after-free’ flaw and these are somewhat common in software, albeit severe, since they often allow for code execution and replacement.
Use-after-free vulnerabilities relate to issues in the allocation of dynamic memory in applications.
Dynamic memory involves continuous reallocation of blocks of data within a program and when headers don't properly check which sections of dynamic memory are available for allocation, it can allow an attacker to place their own code where data has been cleared.
Security researcher Shir Tamari likened the ramifications of a potential exploit - the leaking of a server’s memory - to that of Heartbleed, the 2014 vulnerability that allowed users to view data on any website using OpenSSL.
“KSMBD is new; most users still use Samba and are not affected,” he added. “Basically, if you are not running SMB servers with KSMBD, enjoy your weekend.”
According to the ZDI, the issue was discovered by a quartet of researchers working at the Thalium Team, a division of Thales focused on threat intelligence, vulnerability research, and red team development.
The researchers alerted the Linux Foundation to the flaw on 26 July 2022 and the coordinated public disclosure was released on Thursday.
2023 Strategic roadmap for data security platform convergence
Capitalise on your data and share it securely using consolidated platformsFree Download
The 3D trends report
Presenting one of the most exciting frontiers in visual cultureFree Download
The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana
Cost savings and business benefitsFree Download
Leverage automated APM to accelerate CI/CD and boost application performance
Constant change to meet fast-evolving application functionalityFree Download