Back to work, Linux Admins: You Have a CVSS 10 Kernel Bug to Address
Merry Christmas, Linux systems administrators: Here's a kernel vulnerability with a CVSS score of 10 in your SMB server for the holiday season, one that gives an unauthenticated user remote code execution.
Yes, this sounds bad, and a score of 10 isn't reassuring at all. Luckily for the sysadmins reaching for more brandy to pour in that eggnog, it doesn't appear to be that widespread.
Discovered in July by the Thalium Team, the vulnerability research team at French aerospace firm Thales Group, the vulnerability is specific to the ksmbd module that was added to the Linux kernel in version 5.15. Disclosure was responsibly held until a patch was issued.