Linux Kernel ksmbd Preauth_HashValue Race Condition Vulnerability

Vulnerability

A race condition vulnerability has been identified in the ksmbd component of the Linux kernel. This issue arises when a client sends multiple session setup requests, leading to a race condition with the Preauth_HashValue. The vulnerability is present in the Linux kernel stable tree. The root cause is the unnecessary freeing of the Preauth_HashValue during the session setup phase, which can instead be handled at the connection termination phase.
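
A simplified user-space model of the lifetime problem described above, added here as an illustration; it is not ksmbd code, and the struct and function names (session, request, setup_begin, setup_finish, connection_terminate, run_overlap) are hypothetical. It interleaves two session setup requests deterministically and reports whether the second one is left holding a freed hash, first with the free in the session setup path and then with the free deferred to connection termination.

```c
#include <stdio.h>
#include <stdlib.h>

#define HASH_LEN 64 /* SHA-512 sized buffer, as used for SMB 3.1.1 preauth integrity */
/* Hypothetical stand-in for a session; NOT the ksmbd structure. */
struct session {
    unsigned char *preauth_hash; /* models Preauth_HashValue */
    unsigned gen;                /* bumped on each free so stale users are detectable */
};
/* What an in-flight session setup request holds: the pointer it captured. */
struct request { unsigned char *hash; unsigned gen; };

static void hash_release(struct session *s) {
    free(s->preauth_hash);
    s->preauth_hash = NULL;
    s->gen++;
}
static struct request setup_begin(struct session *s) {
    struct request r = { s->preauth_hash, s->gen };
    return r;
}
/* Returns 0 on success, -1 if the captured hash was freed in the meantime.
 * The model reports the stale reference instead of dereferencing it. */
static int setup_finish(struct session *s, struct request *r, int free_in_setup) {
    if (r->gen != s->gen || r->hash == NULL)
        return -1;
    r->hash[0] ^= 1;      /* stand-in for reading/updating the hash */
    if (free_in_setup)
        hash_release(s);  /* lifetime the page names as the root cause */
    return 0;
}
/* Connection termination: the one place the corrected lifetime frees the hash. */
static void connection_terminate(struct session *s) {
    if (s->preauth_hash)
        hash_release(s);
}
/* Requests A and B overlap: both begin, then A finishes, then B finishes. */
static int run_overlap(int free_in_setup) {
    struct session s = { calloc(1, HASH_LEN), 0 };
    struct request a = setup_begin(&s), b = setup_begin(&s);
    int ra = setup_finish(&s, &a, free_in_setup);
    int rb = setup_finish(&s, &b, free_in_setup);
    connection_terminate(&s);
    return (ra == 0 && rb == 0) ? 0 : -1;
}
int main(void) {
    printf("free during session setup: %d\n", run_overlap(1));
    printf("free at termination:       %d\n", run_overlap(0));
    return 0;
}
```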

Impact

A client that manipulates the timing of its session setup requests can trigger the race condition, potentially causing unexpected behavior in the application.

Reproduction

To reproduce this vulnerability, send multiple session setup requests to a server running ksmbd in the Linux kernel. This can be done using a client that supports the SMB2 protocol, such as a Windows machine or a Linux machine with Samba installed. The race condition can be observed by monitoring the handling of the Preauth_HashValue during the session setup process.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading the Linux kernel can be found in the official Linux kernel documentation.

Added: Aug 19, 2025, 6:49 PM
Updated: Aug 19, 2025, 6:49 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.