
The Zero Day Initiative (ZDI) has disclosed a new Linux kernel vulnerability that could lead to code execution in the context of the kernel. The security flaw is a bug in the new Linux 5.15 SMB3 server, ksmbd. The ZDI initially released the vulnerability with a CVSS score of 10, though it now sits at 9.6.

What is the threat?

The Linux kernel is the main component of a Linux operating system, responsible for the communication between the computer hardware and its processes. Unlike the more popular Server Message Block (SMB) Server, SAMBA, ksmbd operates in the kernel. This vulnerability could result in an attacker executing code or disclosing sensitive information on affected Linux kernel versions. According to ZDI, the specific bug relates to the handling of SMB2_WRITE commands.

Why is it noteworthy?

There have been a few devastating attacks that took advantage of security flaws in SMB. Attackers jump on the chance to exploit an SMB vulnerability. Its prevalent use in Windows or Linux file and printer sharing and remote access makes it a desirable target for malware or ransomware that spreads itself. For example, in 2017, WannaCry utilized an SMB vulnerability to infect an estimated 300,000 machines. Other notable attacks include NotPetya, Emotet, and TrickBot.

What is the exposure or risk?

While it may not be as popular as the Linux SAMBA server, ksmbd is still in use by organizations. Developed by Samsung, it is designed to deliver fast SMB3 file-serving performance. Any Linux distribution that runs the ksmbd server and uses kernel 5.15 is potentially vulnerable. This includes multiple versions of Ubuntu and Deepin.

What are the recommendations?

Barracuda MSP recommends the following actions to ensure your protection:

  • Upgrade any affected Linux kernel versions immediately.
    • If you are running the ksmbd server, you can check the kernel version by running the following command:
      • $ uname -r
    • If the Linux kernel is 5.15 or above, upgrade to 5.15.61 immediately.
  • Review the update from Linux for an example of what the bug can look like.
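
The checks in the list above can be scripted for triage across many hosts. The following is an added example, not code from Barracuda MSP or the kernel project; the function names and output labels are illustrative, and it assumes ksmbd shows up in /proc/modules or under /sys/module/ksmbd when present.

```shell
#!/bin/sh
# Added example. Function names are illustrative, not from any vendor tool.

# Classify a release string as printed by `uname -r`, using the advisory's
# numbers: ksmbd arrived in 5.15 and the recommended target is 5.15.61.
classify_kernel() {
    rel=${1%%[-+]*}                      # 5.15.0-56-generic -> 5.15.0
    major=${rel%%.*}; rest=${rel#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0    # two-part release such as "5.15"
    patch=${patch%%.*}
    case "$major.$minor.$patch" in
        *[!0-9.]*|.*|*..*|*.) echo unknown; return ;;
    esac
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 15 ]; }; then
        echo before-5.15                 # older than the release that added ksmbd
    elif [ "$major" -eq 5 ] && [ "$minor" -eq 15 ]; then
        if [ "$patch" -lt 61 ]; then echo needs-update; else echo at-or-above-fix; fi
    else
        echo check-vendor-advisory       # the advisory names no fixed version here
    fi
}

# Succeeds when ksmbd is present in the running kernel. Paths can be
# overridden to run the check against files collected from another host.
ksmbd_loaded() {
    modules_file=${1:-/proc/modules}
    sysfs_dir=${2:-/sys/module/ksmbd}
    [ -d "$sysfs_dir" ] && return 0
    grep -q '^ksmbd ' "$modules_file" 2>/dev/null
}

# One-line summary for a host: triage RELEASE [MODULES_FILE] [SYSFS_DIR]
triage() {
    if ksmbd_loaded "$2" "$3"; then state=loaded; else state=not-loaded; fi
    echo "ksmbd=$state kernel=$(classify_kernel "$1")"
}

triage "$(uname -r)"
```

Distribution kernels often backport fixes without changing the upstream version number, so a `needs-update` result should be confirmed against the distribution's own advisory for the installed package.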


If you have any questions, please contact our Security Operations Center.



Posted by Walker Wiley

Walker is a Cybersecurity Analyst at Barracuda MSP. He's a security expert, working on our Blue Team within our Security Operations Center. Walker supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.
