Linux Kernel ksmbd TCP Connection Race Condition Remote Code Execution Vulnerability

🗓️ 23 Feb 2024 00:00:00Reported by fffvrType

zdi🔗 www.zerodayinitiative.com👁 38 Views

Linux Kernel ksmbd TCP Connection Race Condition Remote Code Execution Vulnerability. No authentication required. Vulnerable if ksmbd enabled. Lack of proper locking on TCP connection and disconnection handling allows code execution in kernel context.

Reporter	Title	Published	Views	Family All 122
AstraLinux	Astra Linux - уязвимость в linux-5.15, linux-6.1	20 May 202605:53	–	astralinux
BDU FSTEC	The vulnerability of the `ksmbd_tcp_new_connection()` function in the `fs/smb/server/transport_tcp.c` module, which is part of the SMB (Server Message Block) networking protocol implementation in the ksmbd server kernel of the Linux operating system. This vulnerability allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.	28 Feb 202400:00	–	bdu_fstec
Circl	CVE-2024-26592	22 Feb 202418:53	–	circl
CNNVD	Linux kernel security vulnerabilities	22 Feb 202400:00	–	cnnvd
CVE	CVE-2024-26592	22 Feb 202416:21	–	cve
Cvelist	CVE-2024-26592 ksmbd: fix UAF issue in ksmbd_tcp_new_connection()	22 Feb 202416:21	–	cvelist
Debian CVE	CVE-2024-26592	22 Feb 202416:21	–	debiancve
NVD	CVE-2024-26592	22 Feb 202417:15	–	nvd
OpenVAS	Ubuntu: Security Advisory (USN-6688-1)	12 Mar 202400:00	–	openvas
OpenVAS	Ubuntu: Security Advisory (USN-6765-1)	8 May 202400:00	–	openvas