CVE-2025-66002
📋 TL;DR
This CVE describes an argument injection vulnerability in smb4k's mount helper that allows local users to perform arbitrary unmounts. Attackers can manipulate command arguments to unmount unintended filesystems. It affects only systems where smb4k is installed, and it requires local user access.
💻 Affected Systems
- smb4k
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation leading to denial of service by unmounting critical system filesystems, potentially causing system instability or data loss.
Likely Case
Local users unmounting SMB shares or other filesystems they shouldn't have access to, causing service disruption.
If Mitigated
Limited to unmount operations only, no arbitrary code execution or data theft capabilities.
🎯 Exploit Status
Exploitation requires local user access and knowledge of the vulnerability. No public exploit code identified at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: smb4k 3.2.2
Vendor Advisory: https://security.opensuse.org/2025/12/10/smb4k-major-issues-in-kauth-helper.html
Restart Required: No
Instructions:
1. Update the smb4k package using your distribution's package manager.
2. For openSUSE/SUSE: 'sudo zypper update smb4k'.
3. For other distributions, check your package manager for smb4k 3.2.2 or later.
🔧 Temporary Workarounds
Disable kauth helper
Linux: Temporarily disable the vulnerable kauth helper component
sudo chmod -x /usr/lib/smb4k/kauth/helper
Remove smb4k
Linux: Uninstall smb4k if not required
sudo zypper remove smb4k
sudo apt remove smb4k
🧯 If You Can't Patch
- Restrict local user access to systems with smb4k installed
- Implement strict privilege separation and monitor for unmount operations
🔍 How to Verify
Check if Vulnerable:
Check smb4k version: 'smb4k --version' or 'rpm -q smb4k' or 'dpkg -l smb4k'
Check Version:
smb4k --version
Verify Fix Applied:
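Verify installed version is 3.2.2 or higher (a numeric comparison is needed, because a pattern that matches "3.2" also matches 3.2.0 and 3.2.1): 'v=$(smb4k --version | grep -oE "[0-9]+(\.[0-9]+)+" | head -n1); [ "$(printf "%s\n" 3.2.2 "$v" | sort -V | head -n1)" = 3.2.2 ]'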
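Added example (not from the advisory or the smb4k project): a field-by-field version check against the fixed release 3.2.2 that accepts the output of any of the three commands listed under "Check if Vulnerable". It assumes 'smb4k --version' prints 'smb4k <version>'; the function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: is the installed smb4k at or above the fixed release?
FIXED_VERSION="3.2.2"   # patch version stated on this page

# Read `smb4k --version`, `rpm -q smb4k` or `dpkg -l smb4k` output on stdin
# and print the first dotted version found on the package line, if any.
# Only dpkg rows in state "ii" (installed) are considered.
extract_version() {
    grep -E '^ii[[:space:]]+smb4k[:[:space:]]|^smb4k[- ]' \
        | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1
}

# Succeeds when version $1 >= version $2, comparing each dot-separated
# field as an integer (so 3.10.0 > 3.2.2, and 3.2 < 3.2.2).
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a= || a=${a#*.}
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0}; y=${y:-0}          # missing fields count as 0
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Print "patched <v>", "vulnerable <v>" or "unknown" for output on stdin.
classify() {
    v=$(extract_version)
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_ge "$v" "$FIXED_VERSION"; then
        echo "patched $v"
    else
        echo "vulnerable $v"
    fi
}

# Constructed sample outputs (not captured from a real system).
printf 'smb4k 3.2.1\n' | classify                              # smb4k --version
printf 'smb4k-3.2.2-1.1.x86_64\n' | classify                   # rpm -q smb4k
printf 'ii  smb4k  3.10.0-1  amd64  SMB browser\n' | classify  # dpkg -l smb4k
```

On a live system, pipe the real command into it, for example 'rpm -q smb4k | classify'. Distributions may backport the fix into a package that keeps a lower upstream version, so confirm a "vulnerable" result against the package changelog.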
📡 Detection & Monitoring
Log Indicators:
- Unusual unmount operations in system logs
- Failed unmount attempts with unexpected arguments
Network Indicators:
- Unexpected SMB share disconnections
SIEM Query:
process.name="smb4k" AND command_line CONTAINS "unmount" AND NOT command_line CONTAINS expected_share_name