Security Bulletin for Linux ksmbd Vulnerability ZDI-22-1690

Last updated
Save as PDF

Summary

On 2022-12-22, the Zero Day Initiative (ZDI) published a security advisory, ZDI-22-1690, regarding a vulnerability in the ksmbd service in the Linux kernel. The vulnerability can be exploited only if the ksmbd service is enabled.

Pure Storage products and services are not affected by this vulnerability. Pure does not include nor enable this service in any of our products.

Corrective Action

No corrective action is required for any Pure Storage products.

General Mitigation Best Practices

Pure Storage recommends following network security best practices that minimize the risk of compromise:

Restrict management interfaces to a trusted set of networks. Please see Best practices on restricting public IP addresses. Additional security posture hardening may be achieved by restricting all control plane access through a jump box (bastion host).
Restrict outbound Internet access to trusted destinations. Phone Home and Remote Assist (RA) require port 443 (https) to be open to CloudAssist subnet 52.40.255.224/27 for outbound traffic. A firewall will need to permit inbound traffic for the established connection.
Pure Storage strongly encourages the widely-endorsed best practice of highly restricting -- if not blocking altogether -- Internet access to management interfaces, including connections via SSH, TLS, remote consoles, and remote desktop mechanisms.
Closely monitor arrays for abnormal or unexpected workload/ IO spikes or utilization as a leading indicator.
Enable edge detection/protection mechanisms in the firewall / IDS / IPS systems to detect anomalous access or traffic patterns.

Contacting Support

If you would like one of our engineers to assist you with this issue please call +1 866-244-7121. If calling from outside the US here is a list of phone numbers: https://support.purestorage.com/Pure1/Support.