Use-After-Free Flaw in Linux Kernel's ksmbd Component Affects Multichannel SMB Connections
CVE-2023-32256

7.5HIGH

Key Information:

What is CVE-2023-32256?

A vulnerability has been identified in the ksmbd component of the Linux kernel, where a race condition occurs between the SMB2 close operation and logoff actions in multichannel connections. This flaw may create conditions that lead to a use-after-free issue, potentially allowing attackers to execute arbitrary code or cause system disruptions. It is crucial for users and administrators to apply necessary patches and updates to mitigate risks associated with this vulnerability.

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-32256 : Use-After-Free Flaw in Linux Kernel's ksmbd Component Affects Multichannel SMB Connections