CERT-In Vulnerability Note
CIVN-2022-0485
Multiple Vulnerabilities in Linux Kernel ksmbd Module
Original Issue Date: December 23, 2022
Severity Rating: CRITICAL
Software Affected
- Linux kernel versions 5.14 through 5.15.61
Overview
Multiple vulnerabilities have been reported in the ksmbd module of the Linux kernel which could allow a remote attacker to execute arbitrary code, disclose sensitive information or cause denial of service conditions on the target system.
Description
1. Use-After-Free Remote Code Execution Vulnerability
This vulnerability exists in the ksmbd module of the Linux kernel in the processing of SMB2_TREE_DISCONNECT commands, due to an error in validating the existence of an object before performing operations on that object. A remote attacker could exploit this vulnerability to cause a use-after-free error. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the affected system.
Note: Only systems with ksmbd enabled are vulnerable.
2. Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability exists in the ksmbd module of the Linux kernel in the handling of SMB2_WRITE commands, due to improper validation of user-supplied input. An authenticated remote attacker could exploit this vulnerability to cause an out-of-bounds read condition. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information from the target system. An attacker could exploit this vulnerability in conjunction with other vulnerabilities to execute arbitrary code on the target system.
3. Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability exists in the ksmbd module of the Linux kernel in the handling of file attributes, due to improper validation of user-supplied input. An authenticated remote attacker could exploit this vulnerability to cause a heap-based buffer overflow condition. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the affected system.
4. Out-Of-Bounds Read Denial-of-Service Vulnerability
This vulnerability exists in the ksmbd module of the Linux kernel in the handling of SMB2_TREE_CONNECT commands, due to improper validation of user-supplied input. An authenticated remote attacker could exploit this vulnerability to cause an out-of-bounds read condition. Successful exploitation of this vulnerability could allow the attacker to cause denial of service conditions on the affected system.
Solution
Apply appropriate patches as mentioned in the following links:
https://lore.kernel.org/lkml/20220819153711.847846093@linuxfoundation.org/
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.61
https://lore.kernel.org/lkml/20220819153711.816369367@linuxfoundation.org/
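To prioritise patching, a host can be triaged against the two conditions this note gives: a kernel version in the affected range and ksmbd being enabled. The script below is an added example, not part of the CERT-In note or of kernel.org material; the function names and verdict strings are hypothetical, and the use of /proc/modules and the CONFIG_SMB_SERVER kernel config option to detect ksmbd is this example's assumption.

```shell
#!/bin/sh
# Added triage sketch; the version range and module name come from the advisory text.

# True if a `uname -r` style string lies in 5.14 .. 5.15.61
# (treated as inclusive, as the advisory states the range).
in_affected_range() {
    v=${1%%[!0-9.]*}                 # "5.15.0-56-generic" -> "5.15.0"
    old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    [ "$maj" -eq 5 ] || return 1
    if [ "$min" -eq 14 ]; then return 0; fi
    [ "$min" -eq 15 ] && [ "$pat" -le 61 ]
}

# Prints loaded | builtin | module-available | absent.
# $1: file in /proc/modules format, $2: kernel config file (may be missing).
ksmbd_state() {
    if grep -q '^ksmbd ' "$1" 2>/dev/null; then echo loaded
    elif grep -q '^CONFIG_SMB_SERVER=y' "$2" 2>/dev/null; then echo builtin
    elif grep -q '^CONFIG_SMB_SERVER=m' "$2" 2>/dev/null; then echo module-available
    else echo absent
    fi
}

# Prints one verdict: out-of-range | in-scope | latent | not-built.
# "latent" means the module is shipped but not currently loaded.
ksmbd_triage() {
    in_affected_range "$1" || { echo out-of-range; return 0; }
    case $(ksmbd_state "$2" "$3") in
        loaded|builtin)   echo in-scope ;;
        module-available) echo latent ;;
        *)                echo not-built ;;
    esac
}

# Verdict for the local host.
ksmbd_triage "$(uname -r)" /proc/modules "/boot/config-$(uname -r)"
```

Distribution kernels often backport fixes without changing the upstream version string, so the version comparison is a first-pass filter; confirm against the vendor's own advisory before closing a host out.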
Vendor Information
Kernel.org
https://lore.kernel.org/lkml/20220819153711.847846093@linuxfoundation.org/
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.61
https://lore.kernel.org/lkml/20220819153711.816369367@linuxfoundation.org/
References
https://lore.kernel.org/lkml/20220819153711.847846093@linuxfoundation.org/
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.61
https://lore.kernel.org/lkml/20220819153711.816369367@linuxfoundation.org/
https://www.zerodayinitiative.com/advisories/ZDI-22-1688/
https://www.zerodayinitiative.com/advisories/ZDI-22-1689/
https://www.zerodayinitiative.com/advisories/ZDI-22-1690/
https://www.zerodayinitiative.com/advisories/ZDI-22-1691/
https://access.redhat.com/solutions/6991749
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India