Linux kernel 5.15 Vulnerability

On March 30, 2023, a critical vulnerability was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2.

fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT. ksmbd is a Linux kernel server that implements the SMB3 protocol in kernel space for sharing files over the network.
The vulnerability may allow remote attackers to execute code on vulnerable Linux kernel systems without any authentication.

Technical Details

The vulnerability was first discovered on July 26, 2022, by Zero Day Initiative (ZDI), a zero-day security research company, and the flaw was publicly announced on December 22, 2022.

ZDI states that the exact location of the fault is in SMB2 TREE DISCONNECT command processing. The problem arises from a failure to confirm an object’s existence before performing operations on it. This flaw allows an attacker to run code within the kernel context.

Affected Systems

• cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* from 5.15 (including) to 5.19.2 (excluding)
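
A host can be triaged against this range with a short script. The following is an added example, not part of the original advisory: it compares a kernel release string with the 5.15 to 5.19.2 range above and checks whether ksmbd is present. The function names and verdict strings are hypothetical, and the version comparison does not account for fixes backported by distributions.

```shell
#!/bin/sh
# Added example (not from the advisory): triage a host for CVE-2022-47939.
# Function names and result strings are hypothetical.

# 0 = release is in the page's range, 5.15 (inclusive) to 5.19.2 (exclusive);
# 1 = outside the range; 2 = release string could not be parsed.
kernel_in_affected_range() {
    ver=${1%%[-+_ ]*}                 # "5.15.0-91-generic" -> "5.15.0"
    case "$ver" in ''|*[!0-9.]*) return 2 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $ver                       # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" -eq 5 ] || return 1
    [ "$minor" -ge 15 ] || return 1
    [ "$minor" -le 19 ] || return 1
    if [ "$minor" -eq 19 ] && [ "$patch" -ge 2 ]; then return 1; fi
    return 0
}

# 0 if ksmbd shows up in sysfs or in the loaded-module list. Paths can be
# overridden so the check can run against collected copies of these files.
ksmbd_present() {
    modules_file=${1:-/proc/modules}
    sysfs_dir=${2:-/sys/module}
    [ -d "$sysfs_dir/ksmbd" ] && return 0
    [ -r "$modules_file" ] && grep -q '^ksmbd ' "$modules_file"
}

# Print one verdict for a kernel release string.
# Version alone ignores distribution backports, so an "affected-version"
# verdict means "confirm against the vendor's advisory", not "proven vulnerable".
ksmbd_exposure() {
    rc=0
    kernel_in_affected_range "$1" || rc=$?
    case $rc in
        2) echo "unknown-version" ;;
        1) echo "not-affected-by-version" ;;
        0) if ksmbd_present "$2" "$3"; then
               echo "affected-version-ksmbd-active"
           else
               echo "affected-version-ksmbd-inactive"
           fi ;;
    esac
}

ksmbd_exposure "$(uname -r)"
```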

IoCs

-

Recommended Solution(s)

-

Mitigations

-

CVE / CWE

CVE-2022-47939

Related Website(s)

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.