Published on: 28 December 2022
A remote code execution vulnerability is found in the Linux kernel 5.15 through 5.19 with KSMBD enabled. KSMBD is a Linux kernel daemon which implements the SMB3 protocol in kernel space for sharing files over a network. A remote unauthenticated attacker may leverage the vulnerability to execute arbitrary code with kernel-level privileges.
Reports indicate that the remote code execution vulnerability (CVE-2022-47939) in Linux operating systems with KSMBD enabled is at high risk of exploitation. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.
Please note that RedHat products are not affected and KSMBD is not installed by default on most Linux distributions. It is strongly recommended to consult the product vendors if the used systems are affected.
Successful exploitation could lead to remote code execution on an affected system.
The vulnerability is fixed in some of the affected Linux distributions including Debian and Ubuntu. The following is only a sample list of Linux distributions that are affected. The list is not exhaustive and it is strongly recommended to consult the product vendors if the used Linux systems are affected. System administrators should check with their product vendors to confirm if their Linux systems are affected and the availability of patches, and if so, apply the patches or follow the recommendations provided by the product vendors to mitigate the risk.