Use-After-Free Flaw in Linux Kernel's ksmbd Component Affects Multichannel SMB Connections
CVE-2023-32256

7.5HIGH

Key Information:

Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Vendor
CVE Published:
1 August 2025

What is CVE-2023-32256?

A vulnerability has been identified in the ksmbd component of the Linux kernel, where a race condition occurs between the SMB2 close operation and logoff actions in multichannel connections. This flaw may create conditions that lead to a use-after-free issue, potentially allowing attackers to execute arbitrary code or cause system disruptions. It is crucial for users and administrators to apply necessary patches and updates to mitigate risks associated with this vulnerability.

References

https://access.redhat.com/security/cve/CVE-2023-32256
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2385885
issue-trackingx_refsource_REDHAT
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-32256 : Use-After-Free Flaw in Linux Kernel's ksmbd Component Affects Multichannel SMB Connections