Linux Kernel ksmbd Durable Handle Reconnection Owner Validation Vulnerability

Vulnerability

A vulnerability in the Linux kernel's ksmbd component allows authenticated users to hijack orphaned durable handles by predicting or brute-forcing persistent IDs. The issue arises because ksmbd does not verify that the user reconnecting to a durable handle is the same user who originally opened the file. The vulnerability is present in the Linux kernel stable tree.
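The missing check, as a simplified user-space model added here for illustration: it is not ksmbd's code or the upstream fix, and the struct, the function names and the sample table are hypothetical. Representing the owner as an account-name string is an assumption of the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical user-space model; none of these names come from ksmbd. */
struct durable_handle {
    uint64_t persistent_id;   /* ID the client presents on reconnect */
    char     owner[32];       /* account that originally opened the file */
    int      orphaned;        /* 1 = session gone, handle awaits reconnect */
};

/* Constructed sample table: one orphaned handle opened by "alice". */
static struct durable_handle table[] = {
    { 0x1001, "alice", 1 },
    { 0x1002, "bob",   0 },
};

static struct durable_handle *lookup(uint64_t id)
{
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++)
        if (table[i].persistent_id == id)
            return &table[i];
    return NULL;
}

/* Behaviour the advisory describes: a valid persistent ID alone is enough. */
struct durable_handle *reconnect_unchecked(uint64_t id, const char *user)
{
    struct durable_handle *h = lookup(id);
    (void)user;               /* caller identity is never consulted */
    return (h && h->orphaned) ? h : NULL;
}

/* With owner validation: the reconnecting identity must match the opener. */
struct durable_handle *reconnect_checked(uint64_t id, const char *user)
{
    struct durable_handle *h = lookup(id);
    if (!h || !h->orphaned)
        return NULL;          /* unknown ID or handle still attached */
    if (strncmp(h->owner, user, sizeof(h->owner)) != 0)
        return NULL;          /* different user: refuse the reconnect */
    return h;
}

int main(void)
{
    printf("unchecked: %s\n", reconnect_unchecked(0x1001, "mallory") ? "granted" : "refused");
    printf("checked:   %s\n", reconnect_checked(0x1001, "mallory") ? "granted" : "refused");
    return 0;
}
```

With the owner comparison in place, a correct persistent ID is no longer sufficient on its own, so guessing the ID does not yield the handle.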

Impact

Exploitation of this vulnerability allows for unauthorized hijacking of durable handles, potentially leading to unauthorized access or manipulation of files.

Reproduction

To reproduce this vulnerability, an authenticated user can predict or brute-force the persistent ID of an orphaned durable handle. Once the ID is successfully guessed, the user can reconnect to the handle, bypassing the original owner's permissions.

Remediation

Users should update to the latest version of the Linux kernel where this vulnerability has been addressed.

Added: May 1, 2026, 2:24 PM
Updated: May 1, 2026, 2:24 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 1.3
exploitability: 3.9
remediation: 7.7
relevance: 7.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.