CVE-2024-26592 & 26594: Critical Linux Kernel Flaws Open Door for Code Execution and Data Theft
A pair of critical vulnerabilities, recently patched in the Linux kernel, have raised alarms for anyone managing Linux systems. Both flaws reside in KSMBD, the in-kernel SMB server responsible for file sharing with Windows machines. Tracked as CVE-2024-26592 and CVE-2024-26594, they carry severe consequences, but fixes are already in the mainline kernel.
KSMBD: Linux’s High-Performance File Sharing Powerhouse
KSMBD implements the SMB server directly in the Linux kernel, aimed at fast file sharing in Windows-heavy networks. Handling requests in kernel space avoids the user-space round trips of a traditional server such as Samba, which is where its performance advantage comes from. It is also what raises the stakes: a parsing or lifetime bug in KSMBD is a bug in the kernel itself, reachable from the network. Even the most carefully designed component can harbor such flaws.
CVE-2024-26592: Linux Kernel ksmbd TCP Connection Race Condition Remote Code Execution Vulnerability
This vulnerability (CVSS score 9.0, Critical) is the worse of the two for an exposed server. It is a race condition between KSMBD's handling of a newly accepted TCP connection and the teardown of that same connection, which leaves the connection's transport structure in use after it has been freed. A skilled attacker who can reach the SMB port could exploit this use-after-free to run code within the kernel itself, and control of the kernel means control of the entire system.
CVE-2024-26594: Linux Kernel ksmbd Mech Token Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability (CVSS score 9.3, Critical) puts confidential data at risk. It is an out-of-bounds read caused by missing validation of the SPNEGO mech token that a client supplies in the security buffer of an SMB2 SESSION_SETUP request. A token whose declared length exceeds what is actually present in the packet can make the kernel read beyond the request buffer and disclose kernel memory it should not. Because the bug is hit while the session is still being set up, no valid credentials are needed to trigger it.
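To make the bug class concrete, here is an added example that is not ksmbd's code and not the patched commit: a constructed, deliberately simplified parser for a SESSION_SETUP security buffer. It assumes a hypothetical four-byte header (a little-endian offset/length pair, far simpler than the real SMB2 structure) followed by a short-form DER element standing in for the mech token. The unchecked variant trusts the wire length and hands back a token size the packet cannot back, which is exactly what a later copy or compare would turn into an out-of-bounds read; the hardened variant bounds the security buffer against the packet and the DER element against the security buffer.

```c
/*
 * Constructed illustration of length validation for an SMB2 SESSION_SETUP
 * security buffer. NOT ksmbd's code: the header layout, field names and
 * sample packets below are assumptions made for this example.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified request: only the security-buffer offset/length
 * pair (uint16 little-endian each) and the variable tail are modelled. */
#define SEC_BUF_OFF_FIELD 0
#define SEC_BUF_LEN_FIELD 2
#define REQ_HEADER_LEN    4

struct mech_token {
    const uint8_t *data;
    size_t len;
};

static uint16_t get_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Decode one short-form DER element (tag byte, one length byte, value).
 * With check == 0 the attacker-controlled length byte is trusted: that is
 * the bug class, since the caller then reads tok->len bytes past the packet. */
static int decode_der_element(const uint8_t *buf, size_t buf_len, int check,
                              struct mech_token *tok)
{
    if (buf_len < 2)
        return -1;
    uint8_t len = buf[1];
    if (len & 0x80)                     /* long-form lengths: out of scope here */
        return -1;
    if (check && (size_t)len > buf_len - 2)
        return -1;                      /* claimed length exceeds bytes present */
    tok->data = buf + 2;
    tok->len = len;
    return 0;
}

/* Shared outer check: the security buffer must lie entirely inside the packet
 * and must not overlap the fixed header fields. Written as off > pkt_len ||
 * len > pkt_len - off so that off + len can never wrap. */
static int locate_sec_buf(const uint8_t *pkt, size_t pkt_len, size_t *off, size_t *len)
{
    if (pkt_len < REQ_HEADER_LEN)
        return -1;
    *off = get_le16(pkt + SEC_BUF_OFF_FIELD);
    *len = get_le16(pkt + SEC_BUF_LEN_FIELD);
    if (*off < REQ_HEADER_LEN)
        return -1;
    if (*off > pkt_len || *len > pkt_len - *off)
        return -1;
    return 0;
}

/* Hardened path: outer bounds, then inner (DER) bounds. 0 on success. */
int parse_sess_setup(const uint8_t *pkt, size_t pkt_len, struct mech_token *tok)
{
    size_t off, len;
    if (locate_sec_buf(pkt, pkt_len, &off, &len) < 0)
        return -1;
    return decode_der_element(pkt + off, len, 1, tok);
}

/* Unchecked path, kept only to show the difference: the inner DER length is
 * never compared with what the packet actually contains. */
int parse_sess_setup_unchecked(const uint8_t *pkt, size_t pkt_len, struct mech_token *tok)
{
    size_t off, len;
    if (locate_sec_buf(pkt, pkt_len, &off, &len) < 0)
        return -1;
    return decode_der_element(pkt + off, len, 0, tok);
}

/* Demo helper: decoded token length, or -1 if the parser rejected the packet. */
long token_len(const uint8_t *pkt, size_t pkt_len, int hardened)
{
    struct mech_token tok;
    int rc = hardened ? parse_sess_setup(pkt, pkt_len, &tok)
                      : parse_sess_setup_unchecked(pkt, pkt_len, &tok);
    return rc == 0 ? (long)tok.len : -1;
}

/* Constructed sample packets (not captured traffic). */
const uint8_t good_pkt[] = {
    0x04, 0x00,              /* SecurityBufferOffset = 4 */
    0x07, 0x00,              /* SecurityBufferLength = 7 */
    0x60, 0x05,              /* DER tag, length 5 */
    'a', 'b', 'c', 'd', 'e'  /* 5 bytes of token body */
};
const uint8_t oversized_inner_pkt[] = {
    0x04, 0x00, 0x07, 0x00,
    0x60, 0x40,              /* claims 64 bytes, only 5 follow */
    'a', 'b', 'c', 'd', 'e'
};
const uint8_t oversized_outer_pkt[] = {
    0x04, 0x00, 0xff, 0x7f,  /* SecurityBufferLength = 32767 in an 11-byte packet */
    0x60, 0x05, 'a', 'b', 'c', 'd', 'e'
};
const uint8_t bad_offset_pkt[] = {
    0x02, 0x00, 0x07, 0x00,  /* offset 2 points into the header itself */
    0x60, 0x05, 'a', 'b', 'c', 'd', 'e'
};

int main(void)
{
    printf("good:            hardened=%ld\n", token_len(good_pkt, sizeof good_pkt, 1));
    printf("oversized inner: hardened=%ld unchecked=%ld\n",
           token_len(oversized_inner_pkt, sizeof oversized_inner_pkt, 1),
           token_len(oversized_inner_pkt, sizeof oversized_inner_pkt, 0));
    printf("oversized outer: hardened=%ld\n",
           token_len(oversized_outer_pkt, sizeof oversized_outer_pkt, 1));
    printf("bad offset:      hardened=%ld\n",
           token_len(bad_offset_pkt, sizeof bad_offset_pkt, 1));
    return 0;
}
```

The point of the two-level check is that validating the outer security buffer alone is not enough: the inner ASN.1 length is a second attacker-controlled number that must be compared against the bytes that remain, and the subtraction form of the comparison avoids the integer wrap that a naive off + len > pkt_len test would allow.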
The Domino Effect: Chaining Exploits
CVE-2024-26594 is dangerous on its own, but real attacks rarely rely on a single bug. A kernel memory disclosure is exactly what an attacker needs to defeat address-space randomization and learn the addresses and heap layout that turn a timing-dependent use-after-free such as CVE-2024-26592 from a crash into reliable code execution and complete control of the system.
“Authentication is not required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable,” reads the security advisory.
Security Researcher to the Rescue
Thankfully, these flaws were discovered by a security researcher known as ‘fffvr’ working through Trend Micro’s Zero Day Initiative (ZDI). Responsible disclosure like this is vital for protecting the open-source community.
The Silver Lining: Patches Are Available
The kernel maintainers have addressed both vulnerabilities. The fixes are in the following mainline commits, which distributions backport into their stable kernels:
- CVE-2024-26592: https://github.com/torvalds/linux/commit/38d20c62903d669693a1869aa68c4dd5674e2544
- CVE-2024-26594: https://github.com/torvalds/linux/commit/92e470163d96df8db6c4fa0f484e4a229edb903d
Action is Key
If you run Linux systems with KSMBD enabled, do not delay: updating to a patched kernel is the top priority. First confirm whether the ksmbd module is actually loaded (lsmod will list it) or built into your kernel; if you do not need in-kernel SMB serving, leave the module unloaded and keep TCP port 445 firewalled from untrusted networks until the update is in place. Staying on top of these fixes is the best way to keep your systems secure.