Critical Use-After-Free Remote Code Execution Vulnerability in Linux Kernel

A Critical remote code execution vulnerability in specific Linux kernel versions with ksmbd enabled has been disclosed via Zero Day Initiative (ZDI-22-1690)

Threat ID:: CC-4237
Threat Severity:: Medium
Published:: 23 December 2022 3:18 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

A Critical remote code execution vulnerability in specific Linux kernel versions with ksmbd enabled has been disclosed via Zero Day Initiative (ZDI-22-1690)

Affected platforms

The following platforms are known to be affected:

Versions: 5.15.x before 5.15.61

Linux kernel

This vulnerability only applies to systems with ksmbd enabled

Threat details

Introduction

A critical vulnerability in the Linux Kernel has been disclosed via the Zero Day Initiative, involving remote code execution. There is no current CVE assigned to the vulnerability, but it has been tracked as ZDI-22-1690 by the Zero Day Initiative. The vulnerability has a CVSSv3 score of 10.0 and could allow a remote, unauthenticated attacker to perform remote code execution on an affected system where ksmbd is enabled and Server Message Block (SMB) is accessible on the network.

Remediation advice

Affected organisations are encouraged to review the Zero Day Initiative advisory (ZDI-22-1690) and apply relevant kernel updates or workarounds.

Definitive source of threat updates

Last edited: 23 December 2022 3:18 pm