Red Hat response to Zero Day Initiative ksmbd vulnerabilities

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux (all versions)
  • Red Hat OpenShift (all versions)

Issue

Trend Micro Zero Day Initiative (ZDI) made public several vulnerabilities affecting the ksmbd module in the Linux kernel.

Are Red Hat products affected by these issues?

Resolution

Trend Micro's Zero Day Initiative (ZDI) reported vulnerabilities affecting the kernel's ksmbd module

No Red Hat products are affected by the ksmbd vulnerabilities, as the code is not included in any shipping release. Customers' OpenShift workloads based on the UBI container base images also do not ship it and do not need to be updated or rebuilt. These flaws do not affect any of the layered products.

Red Hat Enterprise Linux takes a conservative approach to including untested code in released products. New features are only included once considered stable and tested and this new functionality has not yet met this requirement.

Root Cause

The ksmbd is a kernel-side file server compatible with the SMB protocol included in the Linux kernel in 2021. It is designed to be a lightweight file server without the need of a downstream userspace (for example: samba) component providing such service. Trend Micro’s Zero Day found a number of issues with ksmbd and disclosed their findings on December 22, 2022.

Again, it is paramount to notice that this kernel module is not shipped or enabled in Red Hat products.

Diagnostic Steps

  1. Look up for the SMB_SERVER functionality in your kernel:
$ grep SMB_SERVER /boot/config-$(uname -r)
# CONFIG_SMB_SERVER is not set

or

$ grep SMB_SERVER /boot/config-$(uname -r)
$ <no results>
  1. Get information for the ksmbd module:
$ modinfo ksmbd
modinfo: ERROR: Module ksmbd not found.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments