This security bulletin contains one high risk vulnerability.
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition when processing SMB2_LOGOFF and SMB2_CLOSE commands in ksmbd. A remote attacker can send specially crafted data to the server and execute arbitrary code on the system.
Install updates from vendor's website.Vulnerable software versions
Linux kernel: All versionsFixed software versions
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?