Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A use-after-free vulnerability has been identified in the ksmbd component of the Linux kernel. This issue arises when a durable file handle persists after a session disconnect, leading to improper management of connection-related locks. Specifically, the session_fd_check function nullifies the connection pointer to preserve the handle for future reconnection, but fails to remove associated byte-range locks. Consequently, when the durable scavenger thread times out and attempts to close the file handle, it triggers a use-after-free condition by accessing a previously freed connection object, causing potential memory corruption.
Exploitation of this vulnerability leads to a use-after-free condition, where a freed memory area is accessed, potentially allowing for arbitrary code execution or memory corruption.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the Linux kernel can be found in the official Linux documentation.
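The lifetime problem described above can be stated as an invariant: once a durable handle is detached from its connection, none of its byte-range locks may still reference that connection. The following is an added example, not kernel or ksmbd code; it is a userspace model in which every struct and function name is hypothetical, and the connection free is represented by counting references that would dangle rather than by releasing memory.

```c
/* Userspace model of the lifetime bug; all names are hypothetical,
 * not ksmbd's real structures. No memory is actually freed here. */
#include <stdbool.h>
#include <stddef.h>

#define MAX_LOCKS 4

struct conn { int linked_locks; };            /* locks on this connection's list */
struct brlock { struct conn *owner; };        /* one byte-range lock */
struct handle { struct conn *conn; struct brlock locks[MAX_LOCKS]; int nlocks; };

static bool take_lock(struct handle *h) {
    if (h->conn == NULL || h->nlocks == MAX_LOCKS) return false;
    h->locks[h->nlocks++].owner = h->conn;    /* link lock to the connection */
    h->conn->linked_locks++;
    return true;
}

/* Behaviour the advisory describes: pointer cleared, locks left linked. */
static void detach_unfixed(struct handle *h) { h->conn = NULL; }

/* Hardened detach: unlink every lock before dropping the connection. */
static void detach_hardened(struct handle *h) {
    for (int i = 0; i < h->nlocks; i++) {
        if (h->locks[i].owner != NULL) {
            h->locks[i].owner->linked_locks--;
            h->locks[i].owner = NULL;
        }
    }
    h->conn = NULL;
}

/* Locks that would dangle if the connection were freed right now; the
 * later scavenger close would dereference each of them. */
static int stale_lock_refs(const struct handle *h) {
    int n = 0;
    for (int i = 0; i < h->nlocks; i++)
        if (h->locks[i].owner != NULL) n++;
    return n;
}

/* Constructed scenario: two locks, session disconnect, then the audit. */
static int run_scenario(bool hardened) {
    struct conn c = { 0 };
    struct handle h = { .conn = &c };
    take_lock(&h); take_lock(&h);
    if (hardened) detach_hardened(&h); else detach_unfixed(&h);
    return stale_lock_refs(&h);
}
```

A non-zero result from stale_lock_refs after detach is the condition under which the timed-out close path would touch the freed connection.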