Impact
The Linux kernel’s ksmbd server had an omission in its handling of the FSCTL_SET_SPARSE control code: the routine that applies the sparse flag to a file wrote the change to extended attributes without any permission checks. As a result, a SMB client that could send the FSCTL_SET_SPARSE request could alter a file’s sparse attribute even when the share is set to read‑only or when the client does not hold FILE_WRITE_DATA or FILE_WRITE_ATTRIBUTES rights. This flaw enables an attacker to change file metadata and disk usage characteristics without proper authorization, and it is rooted in improper access control (CWE‑266).
Affected Systems
All Linux kernel installations that run the ksmbd SMB server are affected. The flaw is present wherever the unpatched implementation of FSCTL_SET_SPARSE resides, regardless of distribution or specific kernel version, because the patch is made to core ksmbd code used by all enabled SMB services.
Risk and Exploitability
The EPSS score is below 1%, indicating a very low probability of exploitation and the vulnerability is not listed in CISA’s KEV catalog. Nonetheless, the attack path is straightforward for any SMB client that can send the FSCTL_SET_SPARSE command. The vulnerability poses a moderate risk to data integrity and potentially system stability by allowing unauthorized modification of file attributes on a target system.
OpenCVE Enrichment