Session race condition remote code execution vulnerability
CVE-2023-32257

8.1HIGH

Key Information:

Vendor: Red Hat
Status: kernel; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 24 July 2023

What is CVE-2023-32257?

A vulnerability exists in the Linux kernel's ksmbd, an in-kernel SMB server, which affects the handling of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. Due to inadequate locking mechanisms during object operations, an attacker could exploit this flaw to execute arbitrary code with kernel privileges, thereby compromising system integrity. It is crucial for users and administrators to apply relevant patches to safeguard their systems from potential exploitation.

Affected Version(s)

kernel 6.4-rc1

References

https://access.redhat.com/security/cve/CVE-2023-32257

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2219806

issue-trackingx_refsource_REDHAT

https://www.zerodayinitiative.com/advisories/ZDI-CAN-20596/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 24, 2023
Vulnerability Reserved
May 5, 2023

Red Hat

What is CVE-2023-32257?

Affected Version(s)

References

CVSS V3.1

Timeline