"Linux Fixes Maximum-Severity Kernel Vulnerability"

A kernel-level security vulnerability that affects Server Message Block (SMB) servers has been addressed by a Linux update. The Remote Code Execution (RCE) bug allowed unauthenticated users to execute kernel-level code and was assigned the highest severity rating attainable by the Common Vulnerability Scoring System (CVSS). Since the vulnerability only affected the lesser-used KSMBD module rather than the more popular Samba suite, most organizations and enterprise customers are believed to be secure from potential exploitation. The vulnerability stems from the processing of packet requests sent by the client to request access to a certain share on a server. According to the Zero Day Initiative (ZDI), the problem arises from a failure to validate the existence of an object before conducting actions on it. An attacker can exploit this flaw to execute code in the context of the kernel. The vulnerability is categorized as a "use-after-free" flaw, which is common in software despite its severity, as they often allow code execution and replacement. Use-after-free vulnerabilities include problems with the allocation of dynamic memory in applications. Dynamic memory requires the continual reallocation of data blocks inside a program, and when headers do not properly check which regions of dynamic memory are available for allocation, an attacker may be able to insert their own code in locations where data has been cleared. Shir Tamari, a security researcher, compared the repercussions of a potential attack, the leakage of a server's memory, to those of Heartbleed, a 2014 vulnerability that allowed users to read data on any website employing OpenSSL. This article continues to discuss the potential impact of the now-addressed kernel-level security vulnerability.

ITPro reports "Linux Fixes Maximum-Severity Kernel Vulnerability"