Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability

General support questions
Post Reply
Jcenos7
Posts: 33
Joined: 2021/02/09 22:06:11

Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability

Post by Jcenos7 » 2022/12/29 06:29:48

Hi,
Is CentOS 7 affected by this

Vulnerability:
Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability

CVEs:
ZDI-22-1690, ZDI-CAN-17816

Vulnerability Description:
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable.

The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
Top
Whoever
Posts: 1361
Joined: 2013/09/06 03:12:10

Re: Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability

Post by Whoever » 2022/12/29 06:35:49

I don't think CentOS 7 is affected because it only affects certain versions of version 5 of the Kernel.
Top
Jcenos7
Posts: 33
Joined: 2021/02/09 22:06:11

Re: Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability

Post by Jcenos7 » 2022/12/29 09:58:07

Thank you whoever for your response!
Top
User avatar
jlehtone
Posts: 4530
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability

Post by jlehtone » 2022/12/29 16:34:09

Are ZDI-22-1690, ZDI-CAN-17816 same as CVE-2022-47939?
The latter https://access.redhat.com/security/cve/cve-2022-47939
does not affect any RHEL kernel.
Top
Post Reply

Return to “CentOS 7 - General Support”