
Security researcher Jordy Zomer has recently discovered two critical vulnerabilities in KSMBD, the in-kernel SMB server for Linux. These vulnerabilities, CVE-2024-56626 and CVE-2024-56627, could allow attackers to gain control of vulnerable systems.
CVE-2024-56626 is an out-of-bounds write vulnerability that exists in the ksmbd_vfs_stream_write function. This function handles the writing of data to a file with extended attributes, which represent alternate data streams (ADS). The vulnerability can be exploited by an attacker to write data outside the allocated buffer, potentially leading to a kernel takeover.
CVE-2024-56627 is an out-of-bounds read vulnerability in the ksmbd_vfs_stream_read function. This function is responsible for reading data from a file with extended attributes. An attacker can exploit this vulnerability by providing a negative offset, which leads to reading data from memory before the start of the allocated buffer.
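As an added illustration, not ksmbd's own code and not the fix, the hypothetical C helpers below show the offset and length discipline a stream read/write path needs: a negative offset is rejected before a read and the read is clamped to the bytes that exist, and the size a write requires is computed with overflow checking before anything is copied. The function names (stream_read_len, stream_write_required, stream_write, try_write_at) and the 16-byte stream are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper, not ksmbd's code: bound a read window
 * [pos, pos + count) against an xattr-backed stream of v_len bytes.
 * Returns how many bytes may safely be copied out (0 if none). A
 * negative pos is rejected; the article describes such an offset
 * reaching memory before the buffer (CVE-2024-56627). */
size_t stream_read_len(size_t v_len, long long pos, size_t count)
{
    if (pos < 0 || (unsigned long long)pos >= v_len)
        return 0;                          /* before or past the stream */
    size_t avail = v_len - (size_t)pos;
    return count < avail ? count : avail;  /* clamp to existing bytes */
}

/* Hypothetical helper: stream length needed to hold count bytes at pos.
 * Fails on a negative pos or when pos + count would wrap; skipping this
 * check is how a write lands outside the buffer (cf. CVE-2024-56626). */
bool stream_write_required(long long pos, size_t count, size_t *need)
{
    if (pos < 0 || (unsigned long long)pos > SIZE_MAX - count)
        return false;
    *need = (size_t)pos + count;
    return true;
}

/* Copy into a caller-owned buffer only once the checks pass; refuse
 * rather than overflow when the buffer is too small. */
bool stream_write(char *buf, size_t buf_len, long long pos,
                  const char *src, size_t count)
{
    size_t need;
    if (!stream_write_required(pos, count, &need) || need > buf_len)
        return false;
    memcpy(buf + pos, src, count);
    return true;
}

/* Attempt a write of count 'A' bytes at pos into a 16-byte stream
 * (constructed sample) and report whether it was accepted. */
bool try_write_at(long long pos, size_t count)
{
    char stream[16] = {0}, src[16];
    memset(src, 'A', sizeof src);
    return count <= sizeof src &&
           stream_write(stream, sizeof stream, pos, src, count);
}
```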
The vulnerabilities have been assigned CVSS scores of 9.8 and 9.1 respectively, making them critical threats to system security. Attackers could potentially exploit them to read sensitive kernel memory or execute arbitrary code with kernel privileges.
Affected Versions:
- Linux kernel versions greater than 5.15
Patched Versions:
- Linux kernel version 6.13-rc2
Remediation:
- Upgrade to the latest patched version of the Linux kernel.
The critical nature of these vulnerabilities underscores the potential risks posed to organizations relying on KSMBD for file sharing. With proof-of-concept exploits available, attackers could quickly weaponize these flaws for advanced persistent threats (APTs), ransomware operations, or espionage campaigns. It is crucial for system administrators to patch their systems immediately to mitigate the risk posed by these vulnerabilities.