A vulnerability have been discovered in KSMBD for Linux that could allow for remote code execution. KSMBD is a Linux kernel daemon which implements the SMB3 protocol in kernel space for sharing files over a network. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of a remote unauthenticated user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More