A critical vulnerability has been identified in the Linux kernel that could allow threat actors to disclose sensitive information and execute arbitrary code on affected versions.
The vulnerability affects the SMB2_TREE_DISCONNECT() component in ksmbd. It is a use-after-free error caused by not verifying that an object exists before operations are performed on it. Threat actors can exploit this vulnerability to execute code in kernel context, and exploitation does not require authentication. However, only systems with ksmbd enabled are affected by the vulnerability.
The purpose of the ksmbd program, which was integrated into the kernel in 2021, is to provide fast SMB3 file-serving performance. SMB is the main file-server protocol in Windows, and it is provided on Linux by Samba. Ksmbd was designed to complement Samba, not replace it, and the Samba and ksmbd developers are working to make the programs work together. It is therefore recommended that the published updates be applied immediately to avoid becoming the target of attacks that exploit this critical vulnerability.
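
Because only systems with ksmbd enabled are affected, the first triage step is to find out where it is present. The script below is an added example, not part of the original article: it classifies a host from `/proc/modules` and the kernel build config. The module name `ksmbd` and the build option `CONFIG_SMB_SERVER` come from the upstream kernel, not from this page, and the config path `/boot/config-$(uname -r)` is an assumption that varies by distribution.

```shell
#!/bin/sh
# Added example (not from the article): classify a host's ksmbd exposure.
# Assumptions: module name "ksmbd", kernel build option CONFIG_SMB_SERVER.

# Print "yes" if a module named exactly "ksmbd" appears in a
# /proc/modules-style file ($1), otherwise "no".
ksmbd_loaded() {
    # Field 1 is the module name; an exact match avoids look-alike names.
    if [ -r "$1" ] && awk '$1 == "ksmbd" { f = 1 } END { exit !f }' "$1"; then
        echo yes
    else
        echo no
    fi
}

# Print y, m or n for CONFIG_SMB_SERVER in a kernel config file ($1);
# print "unknown" when the file cannot be read.
ksmbd_config() {
    [ -r "$1" ] || { echo unknown; return 0; }
    v=$(sed -n 's/^CONFIG_SMB_SERVER=\([ym]\)$/\1/p' "$1" | head -n 1)
    echo "${v:-n}"
}

# Combine both sources into one verdict for patch triage.
ksmbd_exposure() {
    loaded=$(ksmbd_loaded "$1")
    cfg=$(ksmbd_config "$2")
    if   [ "$loaded" = yes ]; then echo "loaded"
    elif [ "$cfg" = y ];      then echo "built-in"
    elif [ "$cfg" = m ];      then echo "available-not-loaded"
    elif [ "$cfg" = n ];      then echo "not-built"
    else                           echo "unknown"
    fi
}

# Report for the running host.
echo "ksmbd: $(ksmbd_exposure /proc/modules "/boot/config-$(uname -r)")"
```

Hosts that report `loaded` or `built-in` are the ones to prioritise for the published updates; `unknown` means the config file was not readable at the assumed path and needs a manual check.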