I admit, I am confused by the various commands shown here in this thread and the referenced ZDnet webpage mentioned in the original post. I believe that they are typos, and the trailing "d" is missing.
The command "modinfo ksmb" yields the result:
Code:
$ modinfo ksmb
modinfo: ERROR: Module ksmb not found.
I think they have it wrong. I think that the module is called "ksmbd". Note the "d" at the end. This command yields a different result:
Code:
$ modinfo ksmbd
filename: /lib/modules/5.15.0-56-generic/kernel/fs/ksmbd/ksmbd.ko
softdep: pre: crc32
softdep: pre: gcm
softdep: pre: ccm
softdep: pre: aead2
softdep: pre: sha512
softdep: pre: sha256
softdep: pre: cmac
softdep: pre: aes
softdep: pre: nls
softdep: pre: md5
softdep: pre: md4
softdep: pre: hmac
softdep: pre: ecb
license: GPL
description: Linux kernel CIFS/SMB SERVER
version: 3.4.2
author: Namjae Jeon <[email protected]>
srcversion: 0DFDD5D3D1E59E4DF8E8D62
depends: ib_core,rdma_cm
retpoline: Y
intree: Y
name: ksmbd
vermagic: 5.15.0-56-generic SMP mod_unload modversions
sig_id: PKCS#7
signer: Build time autogenerated kernel key
sig_key: [REDACTED BY SPHEN]
sig_hashalgo: sha512
signature: [REDACTED BY SPHEN]
When I tried the "-d" switch, I got:
Code:
$ modinfo -d ksmb
modinfo: ERROR: Module ksmb not found.
$ modinfo -d ksmbd
Linux kernel CIFS/SMB SERVER
In fact, the -a, -d, -l, -p, -n and --filename switches all work, but the -F switch (which supersedes them), does not:
Code:
$ modinfo -a ksmbd
Namjae Jeon <[email protected]>
$ modinfo -d ksmbd
Linux kernel CIFS/SMB SERVER
$ modinfo -l ksmbd
GPL
$ modinfo -p ksmbd
$ modinfo -n ksmbd
/lib/modules/5.15.0-56-generic/kernel/fs/ksmbd/ksmbd.ko
$ modinfo --filename ksmbd
/lib/modules/5.15.0-56-generic/kernel/fs/ksmbd/ksmbd.ko
$ modinfo -F ksmbd
modinfo: ERROR: missing module or filename.
I found the same results in Ubuntu MATE 22.04, Ubuntu 22.04.1 and Ubuntu MATE 22.04.1. The latter two were installed from downloaded .iso files this morning. I performed the default installations into virtual machines. The Ubuntu MATE 22.04 is fully Software Updater, apt updated, and apt upgraded, but no other recent changes or installations. The same results also appear in newly downloaded and installed Ubuntu 22.04.1 and Ubuntu MATE 22.04.1.
I am bothered when a vulnerability report does not get the "check if you have the issue" command correct in its reporting, but that appears to be what has happened here. At this point, I have no definitive command that shows whether the module is merely "available" or it is actually loaded and a potential vulnerability.
I ran nmap scans of all three, and none have any ports open. They are installed as desktop virtual machines.