
Socram8888

#37278 of 53,630
7.5 Total CVSS
Vulnerabilities · 1
PT-2021-5655
7.5
2021-12-15
Microsoft · Windows 10 · CVE-2021-45100
**Name of the Vulnerable Software and Affected Versions**

- ksmbd server versions 3.4.2 and earlier
- Linux kernel versions 5.15.8 and earlier

**Description**

The issue is related to the ksmbd server's implementation of the SMB protocol, specifically when using the SMB 3.1.1 protocol. The server sets the `SMB2_GLOBAL_CAP_ENCRYPTION` flag, which is a violation of the SMB protocol specification. As a result, Windows 10 detects this protocol violation and disables encryption, causing the server to communicate in cleartext even though encryption has been enabled. This could allow a remote attacker to gain unauthorized access to protected information.

**Recommendations**

For ksmbd server versions 3.4.2 and earlier, consider disabling the use of the `SMB2_GLOBAL_CAP_ENCRYPTION` flag when using the SMB 3.1.1 protocol until a patch is available.

For Linux kernel versions 5.15.8 and earlier, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
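To check a captured server for the condition described above, the following added example (not ksmbd or dbugs code) parses one SMB2 NEGOTIATE response and reports whether the `SMB2_GLOBAL_CAP_ENCRYPTION` bit is set together with dialect 3.1.1, and whether an encryption negotiate context is present. The field offsets and constant values are taken from the SMB2 specification rather than from this page, and `build_sample` produces constructed test messages.

```python
import struct

# Constants from the SMB2 specification (MS-SMB2); only the flag name is on the page.
SMB2_MAGIC = b"\xfeSMB"
SMB2_FLAGS_SERVER_TO_REDIR = 0x00000001
SMB2_GLOBAL_CAP_ENCRYPTION = 0x00000040
SMB2_ENCRYPTION_CAPABILITIES = 0x0002    # negotiate context type
DIALECT_311 = 0x0311
HDR = 64                                 # fixed SMB2 header length


def audit_negotiate_response(msg: bytes) -> dict:
    """Audit one SMB2 NEGOTIATE response (transport length prefix removed)."""
    if len(msg) < HDR + 64 or msg[:4] != SMB2_MAGIC:
        raise ValueError("not an SMB2 NEGOTIATE response")
    command, _credits, flags = struct.unpack_from("<HHI", msg, 12)
    if command != 0 or not flags & SMB2_FLAGS_SERVER_TO_REDIR:
        raise ValueError("not an SMB2 NEGOTIATE response")
    dialect, ctx_count = struct.unpack_from("<HH", msg, HDR + 4)
    caps, = struct.unpack_from("<I", msg, HDR + 24)
    pos, = struct.unpack_from("<I", msg, HDR + 60)   # NegotiateContextOffset
    ctx_types = []
    for _ in range(ctx_count if dialect == DIALECT_311 else 0):
        if pos + 8 > len(msg):
            break                                    # truncated capture
        ctype, dlen = struct.unpack_from("<HH", msg, pos)
        ctx_types.append(ctype)
        pos += (8 + dlen + 7) & ~7                   # contexts are 8-byte aligned
    cap_bit = bool(caps & SMB2_GLOBAL_CAP_ENCRYPTION)
    return {
        "dialect": dialect,
        "cap_encryption_bit": cap_bit,
        "encryption_context": SMB2_ENCRYPTION_CAPABILITIES in ctx_types,
        "violation": dialect == DIALECT_311 and cap_bit,
    }


def build_sample(dialect: int, caps: int) -> bytes:
    """Constructed sample response; carries one encryption context for 3.1.1."""
    is311 = dialect == DIALECT_311
    hdr = struct.pack("<4sHHIHHIIQIIQ16s", SMB2_MAGIC, 64, 0, 0, 0, 1,
                      SMB2_FLAGS_SERVER_TO_REDIR, 0, 0, 0, 0, 0, b"\0" * 16)
    body = struct.pack("<HHHH16sIIIIQQHHI", 65, 1, dialect, int(is311),
                       b"\0" * 16, caps, 65536, 65536, 65536, 0, 0, 0, 0,
                       HDR + 64 if is311 else 0)
    ctx = struct.pack("<HHIHH", SMB2_ENCRYPTION_CAPABILITIES, 4, 0, 1, 2)
    return hdr + body + (ctx if is311 else b"")
```

A `violation` result on a server that is configured to require encryption is the case where a Windows 10 client would fall back to cleartext, so it is worth confirming on the wire after any ksmbd or kernel update.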