New Linux Kernel Bug is a Patch Now or Disable Scenario

24th December 2022 | Advisory, Blog

Linux Kernel 5.15 has a vulnerability in the kernel potentially rated 9.6 (out of 10). Check for impact and patch ASAP.

Vulnerability Details

Just in time for Christmas, we have a 9.6 vulnerability (out of 10) in some Linux kernels (5.15 and later) which can be exploited for Remote Code Execution (RCE) without authentication on network-enabled ports. Only systems where the ksmbd kernel module is enabled are vulnerable.

The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the kernel.

ADDITIONAL DETAILS

Linux has issued an update to correct this vulnerability. More details can be found at:
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.61

Disclosure Timeline

2022-07-26 – Vulnerability reported to vendor
2022-12-22 – Coordinated public release of advisory

CyberHoot Recommendation:

This is a Critical Vulnerability according to our Vulnerability Alert Management Process (VAMP). That’s the bad news. The good news is that the ksmbd kernel module might not be in use in your distros. Any distro using the Linux kernel 5.15 or above is potentially vulnerable. This includes Ubuntu 22.04 and its descendants; Deepin Linux 20.3; and Slackware 15. For server purposes, Ubuntu is the most concerning. Other enterprise distros, such as the Red Hat Enterprise Linux (RHEL) family, do not use the 5.15 kernel.

Here’s how you check. To see which kernel version you’re running:

$ uname -r

If you’re running a susceptible kernel, check to see if the vulnerable module is present and actively running:

$ modinfo ksmbd

What you want to see is that the module wasn’t found. If it’s loaded, you’ll want to upgrade to the Linux 5.15.61 kernel.

Many distros, unfortunately, have not moved to this kernel release yet. If that’s the case, you’ll need to disable this kernel module until a fix is released.
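The check above as one script, added here as an illustration and not part of the original advisory: it reads the list of running modules as well as the kernel version, because modinfo only reports whether the module file exists on disk. The function names and verdict strings are assumptions of this example, and the sample module list is constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): triage one host for ksmbd exposure.

# classify_kernel RELEASE -> below-5.15 | 5.15-fixed | in-scope
# Thresholds are the advisory's: 5.15 and later in scope, fix in 5.15.61.
# Distro kernels (e.g. 5.15.0-56-generic) backport fixes without changing
# the upstream number, so "in-scope" means "confirm with the vendor advisory".
classify_kernel() {
    ver=${1%%-*}                          # drop distro suffix
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0     # release such as "6.1" has no patch field
    minor=${minor%%[!0-9]*}; patch=${patch%%[!0-9]*}
    minor=${minor:-0}; patch=${patch:-0}
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 15 ]; }; then
        echo below-5.15
    elif [ "$major" -eq 5 ] && [ "$minor" -eq 15 ] && [ "$patch" -ge 61 ]; then
        echo 5.15-fixed
    else
        echo in-scope
    fi
}

# ksmbd_loaded [FILE]: true if a /proc/modules-format file lists ksmbd.
# modinfo only shows the module exists on disk; this shows it is running.
ksmbd_loaded() {
    grep -q '^ksmbd ' "${1:-/proc/modules}" 2>/dev/null
}

# assess RELEASE FILE -> not-affected | not-loaded | loaded-patched | loaded-act-now
assess() {
    state=$(classify_kernel "$1")
    if [ "$state" = below-5.15 ]; then echo not-affected
    elif ! ksmbd_loaded "$2"; then echo not-loaded
    elif [ "$state" = 5.15-fixed ]; then echo loaded-patched
    else echo loaded-act-now
    fi
}

# Constructed /proc/modules sample (not captured from a real host).
SAMPLE=$(mktemp); trap 'rm -f "$SAMPLE"' EXIT
printf '%s\n' 'ksmbd 323584 0 - Live 0x0000000000000000' \
              'nls_utf8 16384 1 - Live 0x0000000000000000' > "$SAMPLE"
assess 5.15.0-56-generic "$SAMPLE"
assess "$(uname -r)" /proc/modules        # the host this runs on
```

When the verdict is loaded-act-now and no patched kernel is available yet, the standard modprobe mechanisms apply (these are not steps given in the advisory): modprobe -r ksmbd unloads the module, and a line reading install ksmbd /bin/false in a file under /etc/modprobe.d/ keeps it from being loaded again.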

Source: 

Linux Kernel Advisory and Update

Zero-Day Initiative Vulnerability in Linux Kernel – ZDI-22-1690

Additional Reading: 

Analysis and advice from ZDNet Article
