Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability

For information

edit:
To what extent is this related to IPFire?

edit2
Small supplement


A quick check looks to me that IPFire has the kernel module available to be loaded if required but it is not loaded by default.

From what I have read it looks like for this to be enabled or used you would need to have ksmbd-tools installed which is not available on IPFire, either as a core or addon program.

So my interpretation is that IPFire is not vulnerable to this but it would be good for other more experienced people to comment.

If that “Zero Day Initiative” article is correct it is saying that a fix is available in kernel-5.15.61

IPFire is currently on 5.15.71 suggesting no longer vulnerable. Apparently this issue was found back in July 2022 and the release of information on the issue was done on 22nd Dec 2022.

EDIT:

Found several places all saying that 5.15.61 and later has the fix. Depends where they are reporting it from but it does suggest already fixed in current IPFire release.

For anyone worried about using smb with samba the code for ksmbd was written from scratch and has no commonality to the samba smb code and therefore won’t have the same vulnerability.
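The checks described in this post (kernel at or past 5.15.61, ksmbd module loaded, ksmbd-tools installed) as a small POSIX shell script; this is an added example, not code from the thread or from IPFire. It assumes ksmbd-tools installs a `ksmbd.mountd` binary, and a version-string comparison is only a hint, since distributions backport fixes into older version numbers.

```shell
#!/bin/sh
# Added example: is this host exposed to the ksmbd use-after-free discussed above?
FIXED_VERSION="5.15.61"   # first 5.15.y release carrying the fix, per the thread

# version_ge A B: succeed when dotted version A is >= B.
# Only the numeric x.y.z prefix is compared; suffixes such as "-ipfire" are dropped.
version_ge() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*//')
    [ "$(printf '%s\n%s\n' "$a" "$b" | sort -t. -k1,1n -k2,2n -k3,3n | tail -n1)" = "$a" ]
}

# kernel_fixed VERSION: prints "yes" when VERSION is at or past the fix release.
# A "yes" here is a version-number hint only; backported fixes are not detected.
kernel_fixed() {
    if version_ge "$1" "$FIXED_VERSION"; then echo yes; else echo no; fi
}

# ksmbd_loaded: prints "yes" when the ksmbd kernel module is currently loaded.
ksmbd_loaded() {
    if [ -r /proc/modules ] && grep -q '^ksmbd ' /proc/modules; then echo yes; else echo no; fi
}

# ksmbd_tools_present: prints "yes" when the ksmbd userspace daemon is installed
# (assumption: ksmbd-tools provides ksmbd.mountd in PATH).
ksmbd_tools_present() {
    if command -v ksmbd.mountd >/dev/null 2>&1; then echo yes; else echo no; fi
}

# report: one-line summary of the three checks for the running kernel.
report() {
    k=$(uname -r)
    echo "kernel:        $k (fix release reached: $(kernel_fixed "$k"))"
    echo "ksmbd loaded:  $(ksmbd_loaded)"
    echo "ksmbd-tools:   $(ksmbd_tools_present)"
}

report
```

Without the module loaded and without ksmbd-tools, ksmbd is not serving SMB at all, which is the condition the post relies on; the version line only tells you whether the stable release you run is past the fix.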

It was fixed in 5.15.61 - found the following commit in it

commit a54c509c32adba9d136f2b9d6a075e8cae1b6d27
Author: Namjae Jeon <linkinjeon@kernel.org>
Date:   Thu Jul 28 21:57:08 2022 +0900

    ksmbd: fix use-after-free bug in smb2_tree_disconect
    
    commit cf6531d98190fa2cf92a6d8bbc8af0a4740a223c upstream.
    
    smb2_tree_disconnect() freed the struct ksmbd_tree_connect,
    but it left the dangling pointer. It can be accessed
    again under compound requests.