4.Lock AbstractDigital Esm W900

Merry Christmas, Linux systems administrators: Here's a kernel vulnerability with a CVSS score of 10 in your SMB server for the holiday season giving an unauthenticated user remote code execution.

Yes, this sounds bad, and a score of 10 isn't reassuring at all. Luckily for the sysadmins reaching for more brandy to pour in that eggnog, it doesn't appear to be that widespread.


Discovered the Thalium Team vulnerability research team at French aerospace firm Thales Group in July, the vulnerability is specific to the ksmbd module that was added to the Linux kernel in version 5.15. Disclosure was responsibly held until a patch was issued.

Unlike that other popular SMB server for Linux, which runs in userspace, ksmbd operates in the kernel. That triggered alarm bells among some users discussing its merge last year.