Overview

Trend Micro's ‘Zero Day Initiative’ has discovered several vulnerabilities in the Linux kernel, some of which are considered critical or high severity.

Detail

The most serious of these vulnerabilities (ZDI-22-1690) allows remote attackers to execute arbitrary code on affected installations of the Linux kernel without requiring authentication.

This vulnerability only affects systems with ksmbd enabled.

Another serious vulnerability (ZDI-22-1691), rated 9.6 in severity, affects the handling of SMB2_WRITE commands. It allows remote attackers to disclose sensitive information on affected installations of the Linux kernel, but requires authentication to exploit.

A third vulnerability (ZDI-22-1688) is rated 8.5 in severity. It affects the handling of file attributes and results from the lack of proper validation of the length of user-supplied data before copying it to a heap-based buffer. An attacker can exploit this vulnerability to execute code in the context of the kernel.

The other two vulnerabilities (ZDI-22-1689 and ZDI-22-1687), which are rated 6.5 and 5.3 in severity, also affect the handling of file attributes and user-supplied data.

Recommended Action

Updates and workarounds to fix these vulnerabilities are available and can be accessed on the webpage for each vulnerability listed above.
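
Because ZDI-22-1690 only affects systems with ksmbd enabled, a first triage step is to find which hosts have ksmbd in their kernel. The script below is an added example, not part of the original advisory; it assumes the kernel config is stored at `/boot/config-<release>` (a common distribution convention), and its function names are illustrative.

```shell
#!/bin/sh
# Added example: report whether ksmbd (the in-kernel SMB server) is present.
# Inputs are file paths, so saved copies of /proc/modules and the kernel
# config collected from other hosts can be checked the same way.

# Prints "loaded" if ksmbd appears in a /proc/modules-format file.
ksmbd_module_state() {
    if [ -r "$1" ] && awk '$1 == "ksmbd" { found = 1 } END { exit !found }' "$1"; then
        echo loaded
    else
        echo not-loaded
    fi
}

# Prints builtin, module, absent or unknown from a kernel config file.
# CONFIG_SMB_SERVER is the Kconfig symbol that builds ksmbd.
ksmbd_config_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case "$(grep -E '^CONFIG_SMB_SERVER=' "$1" | head -n 1)" in
        CONFIG_SMB_SERVER=y) echo builtin ;;
        CONFIG_SMB_SERVER=m) echo module ;;
        *) echo absent ;;
    esac
}

# Combines both views into one triage verdict.
ksmbd_exposure() {
    mod=$(ksmbd_module_state "$1")
    cfg=$(ksmbd_config_state "$2")
    if [ "$mod" = loaded ] || [ "$cfg" = builtin ]; then
        echo "PRESENT: ksmbd is in the running kernel; prioritise the update or workaround"
    elif [ "$cfg" = module ]; then
        echo "AVAILABLE: ksmbd is built as a module but not currently loaded"
    elif [ "$cfg" = unknown ]; then
        echo "UNKNOWN: module not loaded, kernel config not readable"
    else
        echo "ABSENT: kernel was built without ksmbd"
    fi
}

# Default to the live system (config path is an assumed distro convention).
ksmbd_exposure /proc/modules "/boot/config-$(uname -r)"
```

A PRESENT verdict means the ksmbd code is in the kernel, not that a share is being served; hosts reported as AVAILABLE should still be updated, since the module can be loaded later.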

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.
