0-Click Linux Kernel KSMBD RCE Exploit

A critical zero-click remote code execution (RCE) vulnerability has been discovered in the Linux kernel's KSMBD component, which handles SMB3 protocol operations. This flaw allows attackers to execute arbitrary code on vulnerable systems without any user interaction, posing a significant threat to Linux servers and devices running SMB services. The vulnerability, tracked as CVE-2023-38408, affects multiple Linux distributions and kernel versions, making it a widespread concern for system administrators and cybersecurity professionals.

The KSMBD module is responsible for implementing the SMB3 protocol server-side in the Linux kernel, enabling file sharing and network communication with Windows clients. The discovered exploit leverages a flaw in the way KSMBD processes certain SMB3 requests, allowing an attacker to trigger a buffer overflow and gain remote code execution privileges. This zero-click nature means the attack can be initiated remotely without any need for user interaction or authentication, increasing the risk of automated exploitation and wormable attacks.

Security researchers have demonstrated the exploit's effectiveness in controlled environments, highlighting the urgent need for patching and mitigation. Linux vendors have released patches and advisories urging users to update their kernels immediately to prevent potential breaches. Organizations relying on Linux SMB services are advised to audit their systems, apply security updates, and monitor for unusual network activity that could indicate exploitation attempts.

This vulnerability underscores the importance of continuous security assessments and timely patch management in open-source software environments. As Linux continues to be a backbone for enterprise servers, cloud infrastructure, and IoT devices, vulnerabilities like the KSMBD RCE pose significant risks to data integrity and system availability. Cybersecurity teams should prioritize deploying the latest kernel updates and consider additional network-level protections to mitigate exploitation risks.

In conclusion, the zero-click Linux kernel KSMBD RCE exploit represents a severe security threat requiring immediate attention from the Linux community. Prompt patching, vigilant monitoring, and comprehensive security strategies are essential to safeguard systems against this and future vulnerabilities in critical kernel components.
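One way to start the audit the article recommends is to find hosts where the in-kernel SMB server is loaded and TCP/445 is reachable from the network. The script below is an added example, not code from the article or from the ksmbd project; the function names are hypothetical, and it assumes a little-endian host and that a 445 listener on a host with `ksmbd` loaded belongs to ksmbd (a userspace Samba `smbd` can own that port instead).

```shell
#!/bin/sh
# Added example: classify a host's ksmbd exposure from /proc data.
# Function names are illustrative. Arguments default to the live /proc
# files; pass other paths to run against collected copies.

# True when "ksmbd" is listed in a /proc/modules-format file.
ksmbd_loaded() {
    awk '$1 == "ksmbd" { found = 1 } END { exit !found }' \
        "${1:-/proc/modules}" 2>/dev/null
}

# Print the hex local address of each LISTEN socket (st == 0A) bound to
# port 445 (0x01BD) in /proc/net/tcp or /proc/net/tcp6 format files.
smb_listeners() {
    awk 'FNR > 1 && $4 == "0A" {
             n = split($2, a, ":")
             if (toupper(a[n]) == "01BD") print toupper(a[1])
         }' "$@" 2>/dev/null
}

# Prints: not-loaded | loaded-not-listening | loopback-only | network-exposed
# Usage: ksmbd_exposure [modules-file [tcp-file ...]]
ksmbd_exposure() {
    modules="${1:-/proc/modules}"
    [ $# -gt 0 ] && shift
    [ $# -gt 0 ] || set -- /proc/net/tcp /proc/net/tcp6
    ksmbd_loaded "$modules" || { echo "not-loaded"; return 0; }
    state="loaded-not-listening"
    for addr in $(smb_listeners "$@"); do
        case "$addr" in
            # 127.0.0.1 and ::1 as /proc prints them on little-endian hosts
            0100007F|00000000000000000000000001000000)
                [ "$state" = "network-exposed" ] || state="loopback-only" ;;
            # wildcard (all zeros) or any other address is reachable off-box
            *) state="network-exposed" ;;
        esac
    done
    echo "$state"
}

# Report for the local host. Host firewall rules are not evaluated here.
ksmbd_exposure
```

A result of `network-exposed` marks the hosts to patch first or to shield with a network-level block on TCP/445 until the kernel update is applied.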

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 16 Sep 2025 07:41:42 +0000

