Summary: Security researcher Jordy Zomer has identified two critical vulnerabilities in KSMBD, the in-kernel SMB server for Linux, which could allow attackers to compromise vulnerable systems. The vulnerabilities, CVE-2024-56626 and CVE-2024-56627, involve out-of-bounds write and read operations, respectively, both leading to severe security threats. With high CVSS scores of 9.8 and 9.1, urgent action is necessary for affected organizations to mitigate risks by upgrading to the latest patched Linux kernel versions.
Affected: KSMBD, Linux kernel versions greater than 5.15
Keypoints :
- Two critical vulnerabilities identified: CVE-2024-56626 (out-of-bounds write) and CVE-2024-56627 (out-of-bounds read).
- Both vulnerabilities can lead to kernel takeover or unauthorized access to sensitive memory.
- Patch available in Linux kernel version 6.13-rc2; immediate upgrade is recommended to protect against potential exploits.