Severity Rating: CRITICAL
Software Affected
Linux kernel versions 5.14 through 5.15.61
Overview
Multiple vulnerabilities have been reported in the ksmbd module of the Linux kernel which could allow a remote attacker to execute arbitrary code, disclose sensitive information or cause denial of service conditions on the target system.
Description
1. Use-After-Free Remote Code Execution Vulnerability
This vulnerability exists in the ksmbd module of the Linux kernel in the processing of SMB2_TREE_DISCONNECT commands, due to an error in validating the existence of an object before performing operations on the object. A remote attacker could exploit this vulnerability to cause a use-after-free error.
Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the affected system.
Note: Only systems with ksmbd enabled are vulnerable.
2. Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability exists in the ksmbd module of the Linux kernel in the handling of SMB2_WRITE commands, due to improper validation of user-supplied input. An authenticated remote attacker could exploit this vulnerability to cause an out-of-bounds read condition.
Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information from the target system. An attacker could exploit this vulnerability in conjunction with other vulnerabilities to execute arbitrary code on the target system.
3. Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability exists in the ksmbd module of the Linux kernel in the handling of file attributes, due to improper validation of user-supplied input. An authenticated remote attacker could exploit this vulnerability to cause heap-based buffer overflow conditions.
Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the affected system.
4. Out-Of-Bounds Read Denial-of-Service Vulnerability
This vulnerability exists in the ksmbd module of the Linux kernel in the handling of SMB2_TREE_CONNECT commands, due to improper validation of user-supplied input. An authenticated remote attacker could exploit this vulnerability to cause an out-of-bounds read condition.
Successful exploitation of this vulnerability could allow the attacker to cause denial of service conditions on the affected system.
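A triage check for the two conditions this advisory names, the affected version range and ksmbd being enabled, as an added example that is not part of the original advisory. The function names are hypothetical, a loaded ksmbd module is used as the stand-in for "enabled", and the version comparison is only a heuristic because distribution kernels often backport fixes without changing the base version number.

```shell
#!/bin/sh
# Added example: triage a host against this advisory's two conditions.
# Function names are hypothetical; the range 5.14 .. 5.15.61 is the advisory's.

# Return 0 if a `uname -r` style string is in 5.14 through 5.15.61,
# 1 if it is outside that range, 2 if it cannot be parsed.
# Heuristic only: distribution kernels may carry backported fixes.
kernel_in_advisory_range() {
    ver=${1%%[!0-9.]*}                 # "5.15.0-91-generic" -> "5.15.0"
    case $ver in *.*) ;; *) return 2 ;; esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=0
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
    esac
    patch=${patch:-0}
    [ -n "$major" ] && [ -n "$minor" ] || return 2
    [ "$major" -eq 5 ] || return 1
    if [ "$minor" -eq 14 ]; then return 0; fi
    if [ "$minor" -eq 15 ] && [ "$patch" -le 61 ]; then return 0; fi
    return 1
}

# Return 0 if ksmbd appears in the loaded-module list.
# /proc/modules has one module per line with the module name first.
ksmbd_loaded() {
    modules_file=${1:-/proc/modules}
    [ -r "$modules_file" ] && grep -q '^ksmbd ' "$modules_file"
}

# Print one verdict for a kernel release string and a module list
# (defaults: the running kernel and /proc/modules).
ksmbd_exposure() {
    kver=${1:-$(uname -r)}
    kernel_in_advisory_range "$kver" && rc=0 || rc=$?
    if [ "$rc" -eq 2 ]; then echo "unknown-version"
    elif [ "$rc" -eq 1 ]; then echo "out-of-range"
    elif ksmbd_loaded "${2:-/proc/modules}"; then echo "in-range:ksmbd-loaded"
    else echo "in-range:ksmbd-not-loaded"   # module could still be loaded later
    fi
}

ksmbd_exposure
```

A verdict of in-range:ksmbd-not-loaded still calls for patching, since the check only reflects the modules loaded at the moment it runs.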
Solution
Apply appropriate patches as mentioned in the following links:
Vendor Information
Kernel.org