Listen to this article

Linux has released an update to counter a kernel-level security susceptibility that impacted SMB (Server Message Block) servers. The RCE (remote code execution) weakness enabled unauthorized users to execute kernel-level code. It has also received the maximum probable brutality rating on the CVSS (common vulnerability reporting system).

Most enterprise and business users are supposedly safe from any possible exploitation. They believe that the susceptibility just impacted the lesser-used KSMBD module instead of the more famous Samba suite. However, the susceptibility falls in the processing of SMB2_TREE_DISCONNECT commands. It is a packet request the client sent to request access to a provided share on a server.

The ZDI (Zero Day Initiative) also posted a public advisory. It says the issue results from the lack of verifying the subsistence of an object before executing operations on the object. Meanwhile, an attacker can easily grasp this susceptibility to perform code execution in the setting of the kernel. The susceptibility type is unknown as a “use-after-free” defect and is relatively common in software.

The Use-After-Free Flaw Allows Attackers to Execute Code

It is noteworthy that these types of flaws often allow attackers to execute code and replacement activities. The specific “use-after-free” susceptibilities related to the problems in the allocation of the application’s dynamic memory. However, dynamic memory produces constant restructuring of blocks of data within a program.

The continuous allocation of data blocks happens when headers don’t exactly check available dynamic memory for allocation. However, it can enable attackers to execute their own codes at the end of cleared data. It is important that security researcher Shir Tamari correlated the aftermaths of a supposed exploit. There was a memory leakage of a server to the scenario of Heart-bleed.

The 2014 Susceptibility Allowed Users to Use OpenSSL

However, the 2014 vulnerability also enabled users to use OpenSSL and view data on any website. Tamari said the KSMBD is the latest and most users still use Samba so they are not affected. He added that if you are not running SMB servers with KSMBD, you are undoubtedly enjoying your weekend. The ZDI also said the issue appeared as a group of researchers started work at the Thallium Team.

Meanwhile, Thallium Team is a department of Thales dedicated to vulnerability research, threat intelligence, and red team development. The research team also alerted the Linux Foundation to the weakness on July 26, 2022. But the collaborated public revelation was announced on Thursday. The IT teams must determine their environments before the Holiday break.

The CVSS 10 Susceptibility is Unusual

Moreover, the IT teams should ensure any probable revelations and update to the latest version of Linux. A reliable source cloud7.news also reported that high-severity susceptibilities in the Linux kernel are infrequent incidents. So, the CVSS 10 susceptibility is much more unusual in the Linux kernel. The ZDI also issued an advisory that Linux has recently resolved the susceptibility involved in a CVSS score.

The advisory said the researchers also tipped off the Linux Foundation regarding the susceptibility on 26th July 2022. However, the collaborated public disclosure was announced on December 22, 2022. Most security experts said in the advisory that IT teams to update to the latest Linux kernel version. This vulnerability enables remote criminals to execute random code on contrived installations of the Linux kernel.

Just KSMBD Systems are Susceptible

The advisory said the authorization isn’t essential to adventure susceptibility. But keep in mind that only KSMBD-enabled systems are susceptible. However, the specific weakness is still present in the processing of SMB2_TREE_DISCONNECT commands. The results indicated the lack of confirming the survival of an object before the execution operations on the object.

However, an attacker has the ability to grasp this vulnerability in the code execution in the framework of the kernel. The susceptibility admitted the extreme cruelty rating on the common susceptibility reporting system. It also enabled 3rd parties to execute severe kernel-level codes. Experts believe that most businesses using the Samba suite aren’t critically affected.