SB2023061901 - Remote code execution in Linux kernel ksmbd
Published: June 19, 2023
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Race condition (CVE-ID: CVE-2023-32250)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition in fs/ksmbd/connection.c in ksmbd in the Linux kernel when processing SMB2_SESSION_SETUP commands. A remote attacker can exploit the race by sending concurrent session setup and logoff requests and execute arbitrary code on the system.
2) Race condition (CVE-ID: CVE-2023-32254)
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a race condition in fs/ksmbd/mgmt/tree_connect.c in ksmbd in the Linux kernel when processing SMB2_TREE_DISCONNECT commands. A remote attacker can trigger a use-after-free error using concurrent SMB2 tree disconnect requests and execute arbitrary code on the system.
Remediation
Install update from vendor's website.
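To prioritise the update, a host can be triaged for whether the ksmbd module is loaded and an SMB listener is up on TCP 445. The script below is an added example, not part of the original bulletin or any vendor tooling; the function names and sample data are constructed. It assumes ksmbd is built as a loadable module (a built-in ksmbd does not appear in /proc/modules), and it does not determine whether the kernel is patched.

```shell
#!/bin/sh
# Added example: exposure triage for the two ksmbd race conditions above.
# Heuristic only; it does not test whether the kernel carries the fixes.

# Succeeds if the ksmbd module appears in a /proc/modules-style file.
ksmbd_loaded() {
    awk '$1 == "ksmbd" { found = 1 } END { exit !found }' "$1"
}

# Succeeds if any /proc/net/tcp or tcp6-style file shows a LISTEN socket
# (state 0A) on TCP 445 (hex 01BD), the SMB port.
smb_listening() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk '$2 ~ /:01BD$/ && $4 == "0A" { found = 1 } END { exit !found }' "$f" && return 0
    done
    return 1
}

# Prints one of: not-loaded, loaded-idle, loaded-listening.
# Usage: ksmbd_exposure MODULES_FILE TCP_FILE...
ksmbd_exposure() {
    modules=$1; shift
    if ! ksmbd_loaded "$modules"; then echo "not-loaded"
    elif smb_listening "$@"; then echo "loaded-listening"
    else echo "loaded-idle"
    fi
}

# Constructed sample data (not captured from a real host).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'ksmbd 151552 0 - Live 0x0000000000000000' \
              'cifs_arc4 16384 1 ksmbd, Live 0x0000000000000000' > "$demo/modules"
printf '%s\n' 'ext4 1000000 1 - Live 0x0000000000000000' > "$demo/modules_clean"
printf '%s\n' '  sl  local_address rem_address   st tx_queue rx_queue' \
  '   0: 00000000000000000000000000000000:01BD 00000000000000000000000000000000:0000 0A 00000000:00000000' \
  > "$demo/tcp6"

ksmbd_exposure "$demo/modules" "$demo/tcp6"        # ksmbd loaded, 445 listening
ksmbd_exposure "$demo/modules_clean" "$demo/tcp6"  # listener belongs to something else
# On a live host: ksmbd_exposure /proc/modules /proc/net/tcp /proc/net/tcp6
```

A result of `loaded-listening` marks the hosts to patch first, since both issues are reachable only through a running ksmbd server.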
References
- https://www.zerodayinitiative.com/advisories/ZDI-23-698/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5c779b7ddbda30866cf2a27c63e34158f858c73
- https://bugzilla.redhat.com/show_bug.cgi?id=2208849
- https://www.zerodayinitiative.com/advisories/ZDI-23-702/
- https://github.com/torvalds/linux/commit/30210947a343b6b3ca13adc9bfc88e1543e16dd5
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30210947a343b6b3ca13adc9bfc88e1543e16dd5