New Linux Kernel Bug is a Patch Now or Disable Scenario

24th December 2022 | Advisory, Blog

Linux Kernel 5.15 has a potentially 9.6 level vulnerability (out of 10) in the kernel. Check whether you are impacted and patch ASAP.

Vulnerability Details

Just in time for Christmas, we have a 9.6 vulnerability (out of 10) in some Linux kernels (5.15 and later) that can be exploited for Remote Code Execution (RCE) without authentication on network-enabled ports. Only systems where the ksmbd kernel module is enabled are vulnerable.

The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the kernel.

ADDITIONAL DETAILS

Linux has issued an update to correct this vulnerability. More details can be found at:
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.61

Disclosure Timeline

2022-07-26 – Vulnerability reported to vendor
2022-12-22 – Coordinated public release of advisory

CyberHoot Recommendation:

This is a Critical Vulnerability according to our Vulnerability Alert Management Process (VAMP). That’s the bad news. The good news is that the ksmbd kernel module might not be in use in your distros. Any distro using the Linux kernel 5.15 or above is potentially vulnerable. This includes Ubuntu 22.04 and its descendants, Deepin Linux 20.3, and Slackware 15. For server purposes, Ubuntu is the most concerning. Other enterprise distros, such as the Red Hat Enterprise Linux (RHEL) family, do not use the 5.15 kernel.

Here’s how you check. To see which kernel version you’re running:

$ uname -r

If you’re running a susceptible kernel, check to see if the vulnerable module is present and actively running:

$ modinfo ksmbd

What you want to see is that the module wasn’t found. If it’s loaded, you’ll want to upgrade to the Linux 5.15.61 kernel.

Many distros, unfortunately, have not moved to this kernel release yet. If that’s the case, you’ll need to disable this kernel module until a fix is released.
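The checks above, together with the "disable the module" step, as an added shell example that is not part of the original advisory. The function names and the `/etc/modprobe.d/disable-ksmbd.conf` file name are assumptions; the version classification uses only the 5.15 and 5.15.61 figures stated on this page.

```sh
#!/bin/sh
# Added example, not from the advisory: read-only triage for the ksmbd issue.
# classify_kernel RELEASE uses only the page's figures: 5.15+ potentially
# affected, upstream fix in 5.15.61. Distro kernels (e.g. 5.15.0-NN) carry
# backports under an old version string, so confirm with your vendor.
classify_kernel() {
    rel=${1%%-*}                            # 5.15.0-56-generic -> 5.15.0
    major=${rel%%.*}; rest=${rel#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    if [ "$patch" = "$rest" ]; then patch=0; fi   # no third component
    minor=${minor%%[!0-9]*}; patch=${patch%%[!0-9]*}
    minor=${minor:-0}; patch=${patch:-0}
    case "$major" in *[!0-9]*|'') echo unknown; return 1 ;; esac
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 15 ]; }; then
        echo below-5.15
    elif [ "$major" -eq 5 ] && [ "$minor" -eq 15 ]; then
        if [ "$patch" -ge 61 ]; then echo fixed-upstream
        else echo potentially-vulnerable; fi
    else
        echo check-vendor      # later series: fix version not given on the page
    fi
}

# module_loaded NAME [FILE]: is NAME listed in /proc/modules (what lsmod reads)?
module_loaded() {
    while read -r name _rest; do
        if [ "$name" = "$1" ]; then return 0; fi
    done < "${2:-/proc/modules}"
    return 1
}

# modprobe.d directives that stop ksmbd from being loaded, even on request.
ksmbd_block_conf() {
    printf '%s\n' 'blacklist ksmbd' 'install ksmbd /bin/false'
}

triage() {
    krel=$(uname -r)
    echo "kernel $krel: $(classify_kernel "$krel")"
    if module_loaded ksmbd 2>/dev/null; then
        echo "ksmbd is LOADED: stop the SMB service, then 'modprobe -r ksmbd' as root"
    elif modinfo ksmbd >/dev/null 2>&1; then
        echo "ksmbd is installed but not loaded"
    else
        echo "ksmbd not found for this kernel"
    fi
    echo "to keep it from loading, put this in /etc/modprobe.d/disable-ksmbd.conf:"
    ksmbd_block_conf
}
triage
```

The script only reads state and prints what to do, so it can be run as an unprivileged user.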

Source: 

Linux Kernel Advisory and Update

Zero-Day Initiative Vulnerability in Linux Kernel – ZDI-22-1690

Additional Reading: 

Analysis and advice from ZDNet Article
