Linux Kernel SMB Client DACL Validation Vulnerability

A vulnerability exists in the Linux kernel's SMB client implementation, specifically within the CIFS (Common Internet File System) module. The issue arises because the client does not properly validate the Discretionary Access Control List (DACL) received from a server before rewriting it. This flaw can be exploited by a malicious server that sends a truncated DACL, which still appears to be valid. The server can manipulate the DACL to overwrite or compare Access Control Entries (ACEs) with attacker-controlled data, potentially leading to unauthorized changes in file ownership or permissions.

Impact

Exploitation of this vulnerability allows for improper handling of DACLs, which can be manipulated to overwrite or compare ACEs with attacker-controlled information. This could result in unauthorized modifications to file ownership or permissions.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the Linux Kernel Archives.