Linux Kernel ksmbd Component Brute Force Delay Bypass Vulnerability

A vulnerability exists in the Linux kernel's ksmbd component, which is the kernel SMB/CIFS server. This vulnerability allows remote attackers to bypass a security control intended to prevent dictionary attacks. The control introduces a 5-second delay during session setup to deter brute-force attempts. However, this delay can be circumvented using asynchronous requests, negating the anti-brute-force protection. As a result, attackers could more efficiently conduct dictionary attacks against user credentials or other authentication mechanisms. The vulnerability affects all Linux distributions that include the ksmbd component.

Impact

Exploitation of this vulnerability allows for the improper restriction of excessive authentication attempts, enabling brute-force attacks on user credentials or other authentication methods.

Remediation

Linux has released an update to address this vulnerability. Details about the update can be found in the official Linux Git repository.