Linux Kernel Security Bug Allows Remote Code Execution for Authenticated Remote Users

The Zero Day Initiative, a zero-day security research firm, announced a new Linux kernel security bug that allows authenticated remote users to disclose sensitive information and run code on vulnerable Linux kernel versions. ZDNet reports: Originally, the Zero Day Initiative ZDI rated it a perfect 10 on the 0 to 10 common Vulnerability Scoring System scale. Now, the hole's "only" a 9.6....

The problem lies in the Linux 5.15 in-kernel Server Message Block (SMB) server, ksmbd. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the kernel context. This new program, which was introduced to the kernel in 2021, was developed by Samsung. Its point was to deliver speedy SMB3 file-serving performance....

Any distro using the Linux kernel 5.15 or above is potentially vulnerable. This includes Ubuntu 22.04, and its descendants; Deepin Linux 20.3; and Slackware 15.

Not a problem for Samba users

[Spazmania]

If you just run ordinary Samba instead of trying to cram all this stuff into the kernel, you don't have a problem. Lots of stuff just doesn't need to be in the kernel.

Re:

[Subsentient]

Embrace it, my friend. It is the will of Satan. The world needs more harmless weirdness.

dont shove every possible server inside the kernel

[DrYak]

If you just run ordinary Samba instead of trying to cram all this stuff into the kernel, you don't have a problem.

^^^^---: This! Times over 9000. Too bad mod only goes up to 5.

Also applies for kernel httpd servers, etc.

Re:

[Pinky's Brain]

Or use a language which can guarantee isolation (stronger than Rust).

Re:

[Spazmania]

The technique which guarantees isolation is: don't put it in the kernel.

Microkernel vs monolithic

[manu0601]

I do not want to re-ignite the microkernel vs monolithic war, but was it really necessary to implement SMB in kernel?

Re:Microkernel vs monolithic

[ArchieBunker]

Don’t worry I’m sure it will get merged into systemd.

Re:

[gweihir]

Good. Then it will not be on my Linux systems...

Re:

[Vlad_the_Inhaler]

That was modded Funny? It's only been two days since this particular story hit this site [slashdot.org].

Re:

[gweihir]

Obviously not. Also, in order to have a secure system, do not compile stuff in you are not using. Or at the very least delete the modules.

Re:

[Burdell]

The microkernel people always just waved away performance concerns, promising that they'd be addressed later (but with no clear path to do so). Message passing between independent memory spaces will always have higher latency.

Network file sharing needs high performance (low latency is actually more important for most things than high throughput), and so it usually ends up in the kernel. The Linux NFS server started out as a user-mode program, but they just never could get good performance out of it, so it m

Re:

[phantomfive]

It is rare that the bottleneck for networked filesystems is in the kernel.

Re:Microkernel vs monolithic

[DDumitru]

A network file system is user space has to deal with two user to kernel transitions. The backing file store is in the kernel, and the network is in the kernel. A couple of years ago, I sat in on a "user space performance optimizing" session at an SNIA conference. All sorts of tricks including polling, io-uring, etc. I asked what I thought was a reasonable question. What techniques should we equate these two if we are writing in kernel space. The answer was simple. In kernel space, you don't take the hits. Kernel space is faster, more controllable, and more deterministic. It is harder to code in, but there are reasons the performance critical stuff is there. This is also why Rush will take off. Kernel and tight compiled code.

Re:

[Anonymous Coward]

The microkernel people always just waved away performance concerns, promising that they'd be addressed later (but with no clear path to do so). Message passing between independent memory spaces will always have higher latency.

There is quite a bit you can do about it, even short of faster context switching hardware. Which isn't strange to ask for given all the other specialised hardware for specific tasks found in modern desktop CPUs.

One example is QNX' "canned messages", where one process prepares a message for later delivery, which gets done on a fast signal once it happens.

A network file system is user space has to deal with two user to kernel transitions. The backing file store is in the kernel, and the network is in the kernel.

You could stick the network FS in with the user space network stack process.

Let me also mention the other two rings x86 gives you, cribbed from multics wi

Re:

[organgtool]

This is also why Rush will take off

To the Great White North?

Re:

[bfields]

Note, another factor is that it's easier to integrate an in-kernel server with the exported filesystems.

File locking, NFSv4 file delegations, NFSv4 change attributes, and lookup of files by filehandle are all areas where we've traditionally depended on in-kernel interfaces between knfsd and filesystems.

Over time we've added APIs which expose that functionality to userspace (see for example open_by_handle_at(2)), and we may some day get to the point where userspace has access to all the same filesystem funct

Re: Microkernel vs monolithic

[jabuzz]

Samba becomes a problem for performance at 100Gbps. It's fine at 40Gbps. Now how many people are doing 100Gbps SMB servers is another question, but 99.999% of all Linux based servers doing SMB are better off with Samba. Frankly the kernel based NFS server is a disaster area as you have zero visibility of what the hell is going on when things go wrong and you invariably end up having to reboot the server.

Re:

[phantomfive]

100Gbps is fast hardware. Seems like you should have a faster CPU and RAM if you have that fast of storage.

Regardless, there should be solutions that don't involve putting the server in the kernel.

Re:

[Bert64]

You don't need to run as root, you could implement a userland service that only provided access to files owned by one user.
You could also drop privileges once a user has authenticated, down to the level of the currently authenticated user. That way you don't need to implement permission checks in the service either, since the kernel will take care of that.

Re:

[Burdell]

That's a very simplistic design that doesn't scale well to thousands of clients. And for SMB/CIFS to Windows clients, I'm not even sure how well it would work (since the Windows permission model doesn't map 100% onto the Unix permission model, so IIRC some things are stored in extended attributes interpreted by Samba, don't know about the kernel SMB).

And it still isn't a perfect security fix, since a compromise would allow access to things outside the exported segment of the filesystem (the base OS, possibl

Re:

[Bert64]

It depends on what exactly you're running SMB for, and how many clients you actually have...
A lot of SMB on Linux deployments are in the form of small scale NAS appliances. Many of them only have one user, and no need for any permissions system.

Re:

[Pinky's Brain]

An 8 bit entry on every cache and TLB entry and an 8 bit comparison before finalising an instruction (or load for RISC) would be enough for drivers and the odd kernel integrated server, it's not a big deal.

Re:

[Pinky's Brain]

PS. I see SeL4 has PCID support, so it can run 4096 MMU isolated processes without TLB flushing right now. Though for AMD only Zen 3 and up has support.

Re:

[John Allsup]

There is always a performance/security tradeoff. If userland samba is fast enough, then do not use a kernel SMB module. I imagine there are use cases for which a kernel module was necessary (servers and performance).

Re:

[phantomfive]

It's a kernel module. You can put anything in a module.

Re:

[AmiMoJo]

I had the same question so did some research. Maybe I'm too generous, but I tend to assume there is a good reason and want to know what it is.

The main one seems to be performance. SMB can actually perform quite well if some of the high end stuff is implemented, like DMA that bypasses some of the handling overhead. To get that it needs to be in the kernel.

Re:

[NateFromMich]

was it really necessary to implement SMB

Nope

Re:

[willkane]

Or they could have had it implemented using FUSE [wikipedia.org].

Shouldn't authed users be able to run code?

[278MorkandMindy]

Or is it something more complex? Or is it slashdots title editors fault...

Re:

[Talchas]

Sounds like just "authenticated to the ksmdb server", assuming you're hosting some SMB filesystems for remote use on your machine. So they _should_ have access to (some amount of) those filesystems, but not run code.

Re:

[dskoll]

I think it means auth'd users can run code as root (or even worse, within kernel context.)

Re:

[gweihir]

This is probably for authenticated users that are blocked from logging in. Because otherwise it wouldn't make any sense at all.

Slackware not affected

[volkerdi]

Slackware has never enabled CONFIG_SMB_SERVER in any kernel.

Re:

[NateFromMich]

Slackware has never enabled CONFIG_SMB_SERVER in any kernel.

And when you grow up, you'll never enable in your own kernel that you build yourself.

Re:

[willkane]

Dude, you replied to this guy [wikipedia.org].

He was building custom kernels even before your mother had the accident of having you.

Are Slashdot's old timers already dead or they just don't read posts here anymore? Or maybe don't care to reply?

Re:

[jmccue]

This is the first I saw this thread, I was elsewhere yesterday.

But the care Slackware uses in deciding what to enable in their kernel (among other reasons) is why Slackware is still my main system.

No Samba in my outfit

[RUs1729]

Mine is a Windows-free setup, which implies that I have no use for Samba. This does not affect me.

Re:No Samba in my outfit

[lsllll]

SMB is not just for Windows and, to be honest, I think it's a better option than NFS in most instances. In addition, most multimedia devices support SMB right out of the box. At home, SMB is a blessing, even if most of my machines run Linux. At work I gave up using SMB and went with SSHFS instead. But I do agree that it should never have been baked into the Linux kernel. Maybe it caught Linus on a bad day.

Re:

[phantomfive]

But I do agree that it should never have been baked into the Linux kernel. Maybe it caught Linus on a bad day.

It's not part of the core kernel, it's a kernel module. Anything can go into those.

Re:

[thegarbz]

But I do agree that it should never have been baked into the Linux kernel. Maybe it caught Linus on a bad day.

Or maybe Linus realised the benefits of having a filesystem level driver in the kernel where it shares the same space as network drivers and presents to the rest of the system in a unified sane way.

Re:

[thegarbz]

LOL modded down for agreeing with Linus Torvalds, Slashdot what have you become.

Slackware 15 is not a Debian descendent...

[ctilsie242]

Slackware 15 is definitely not linked to Debian. It had its own package manager (used to use tarballs for everything at first), and has been around for longer than Debian, tracing back to the SLS days.

Re:

[vbdasc]

Well, if we're going to be nitpicking, then neither does Deepin Linux descend from Ubuntu.

Re:

[Deal In One]

Slackware 15 is definitely not linked to Debian. It had its own package manager (used to use tarballs for everything at first), and has been around for longer than Debian, tracing back to the SLS days.

SLS? Space Launch System ? https://en.wikipedia.org/wiki/... [wikipedia.org]

Thats only over a decade old. I think Slackware, Debian and many other distros have been around longer ;)

Re:

[jmccue]

Joking right ? :)

Anyway here is a link

https://en.wikipedia.org/wiki/Softlanding_Linux_System

systemd approach?

[HnT]

Why would you integrate a file daemon functionality right into the kernel? The concept alone sounds like a completely terrible idea already.

Dear Santa

[jd]

I would like for Christmas a fully security-audited mathematically verified Linux kernel.

Module blacklist?

[bill_mcgonigle]

Are distros autoloading this?

Do people using these distros need to push out a module blacklist conf?

I so rarely regret running Debian Stable with its "old-ass" LTS kernel.

New code and exploration is fantastic behind several firewalls. I am glad Samsung is working on kernel code.