Linux Kernel ksmbd Per-IP Connection Limit Remote Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the Linux kernel's ksmbd component. When the per-IP connection limit is exceeded, the server fails to close the just-accepted socket, leading to a leak of one socket per rejected connection attempt from the same IP address. This issue creates a trivial remote denial-of-service condition. The vulnerability has been addressed by modifying the connection handling to release the socket before continuing the acceptance loop.

Impact

Exploitation of this vulnerability causes a remote denial-of-service condition by leaking sockets for each rejected connection attempt, potentially exhausting system resources.

Reproduction

The vulnerability can be reproduced by exceeding the per-IP connection limit on a server running ksmbd. When the limit is exceeded, the server rejects the connection but fails to close the accepted socket, causing a socket leak. This can be done by rapidly initiating connection attempts from the same IP address until the limit is reached, allowing the leaked sockets to accumulate.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.