This security bulletin contains one high risk vulnerability.
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition when handling SMB2_SESSION_SETUP and SMB2_LOGOFF commands. A remote attacker can send specially crafted data to the affected server, trigger a race condition and execute arbitrary code on the system.Mitigation
Install updates from vendor's website.Vulnerable software versions
Linux kernel: All versionsFixed software versions
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?