Overview
On December 26, 2022, NSFOCUS CERT detected multiple security vulnerabilities in Linux Kernel released online, relevant users are requested to take protective measures as soon as possible.
Linux Kernel Remote Code Execution Vulnerability (CVE-2022-47939):
A remote code execution vulnerability exists in Linux Kernel SMB2_TREE_DISCONNECT command processing. Due to the lack of verification of the existence of the object before performing operations on the object, when ksmbd is enabled on the system, an unauthenticated remote attacker can achieve arbitrary code execution on the target system, with a CVSS score of 10.
Linux Kernel information disclosure vulnerability (CVE-2022-47940):
An out-of-bounds read information disclosure vulnerability exists in the processing of the SMB2_TREE_DISCONNECT command in the Linux Kernel. Due to the lack of proper validation of user-supplied data, when ksmbd is enabled on a system, an authenticated attacker can read beyond the allocated buffer, which, combined with other vulnerabilities, ultimately enables arbitrary code execution in kernel context. The CVSS score is 9.6.
Linux Kernel Remote Code Execution Vulnerability (CVE-2022-47942):
A remote code execution vulnerability exists in the Linux Kernel’s handling of file attributes, because the Linux Kernel does not properly validate the length of user-supplied data before copying it to a heap-based buffer. An authenticated attacker could exploit this vulnerability to execute code in kernel context when ksmbd is enabled on the system. The CVSS score is 8.5.
KSMBD is an open source In-kernel CIFS/SMB3 server developed by Namjae Jeon for Linux Kernel. It is the implementation of the SMB/CIFS protocol in the kernel space, which is used to share files and IPC services through the network.
Reference link: https://www.openwall.com/lists/oss-security/2022/12/23/10
Scope of Impact
Affected version
- 5.15 <= Linux Kernel < 5.19.2
CVE-2022-47940:
- 5.15 <= Linux Kernel < 5.18.18
CVE-2022-47942:
- 5.15 <= Linux Kernel < 5.19.2
Unaffected version
CVE-2022-47939:
- Linux Kernel >= 5.19.2
CVE-2022-47940:
- Linux Kernel >= 5.18.18
CVE-2022-47942:
- Linux Kernel >= 5.19.2
Detection
Linux system users can check whether the current system is within the affected range by checking the version. The command to check the version information of the operating system is as follows:
cat /proc/version
If the version is within the affected range and ksmbd is enabled on the system, there may be security risks.
Mitigation
1. At present, the official has fixed this vulnerability in the new version. Affected users are suggested to update the version as soon as possible. The official download link: https://www.kernel.org
2. At present, the official patch package has been released to fix this vulnerability. It is recommended that affected users install the protection in time:
CVE-2022-47939:
https://github.com/torvalds/linux/commit/cf6531d98190fa2cf92a6d8bbc8af0a4740a223c
CVE-2022-47940:
https://github.com/torvalds/linux/commit/158a66b245739e15858de42c0ba60fcf3de9b8e6
CVE-2022-47942:
https://github.com/torvalds/linux/commit/8f0541186e9ad1b62accc9519cc2b7a7240272a7
