Just what every Linux system administrator wants just before the holidays: A serious Linux kernel security bug. The Zero Day Initiative (ZDI), a zero-day security research firm, announced a new Linux kernel security bug. This hole allows authenticated remote users to disclose sensitive information and run code on vulnerable Linux kernel versions.
How bad is it? Originally, the ZDI rated it a perfect 10 on the 0 to 10 common Vulnerability Scoring System (CVSS) scale. Now, the hole’s “only” a 9.6. That still counts as a “Patch it! Patch it now!” bug on anyone’s Linux server.
The problem lies in the Linux 5.15 in-kernel Server Message Block (SMB) server, ksmbd. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the kernel context.
Read more…
Source: ZDNet