Published: 27 July 2022
Samba AD users can forge password change requests for any user
patches for this issue in the bug for CVE-2022-2031 Fixing this in Ubuntu 18.04 LTS would require substantial code backports. We will not be fixing this issue in Ubuntu 18.04 LTS. In environments where this is of concern, we recommend updating to a more recent Ubuntu version, or disabling kpasswd if this is not passible.
kpasswd is not a critical protocol for the AD DC in most installations, it can be disabled by setting "kpasswd port = 0" in the smb.conf.