Session race condition remote code execution vulnerability
CVE-2023-32258

8.1HIGH

Key Information:

Vendor: Red Hat
Status: Kernel; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 24 July 2023

What is CVE-2023-32258?

A vulnerability has been identified in the Linux kernel's ksmbd, which functions as a high-performance in-kernel SMB server. This flaw involves improper locking during the handling of SMB2_LOGOFF and SMB2_CLOSE commands. Due to this security lapse, an attacker could exploit the vulnerability to execute arbitrary code within the kernel context, potentially compromising system integrity and security.

Affected Version(s)

kernel 6.4-rc1

References

https://access.redhat.com/security/cve/CVE-2023-32258

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2219809

issue-trackingx_refsource_REDHAT

https://security.netapp.com/advisory/ntap-20230915-0011/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 24, 2023
Vulnerability Reserved
May 5, 2023

Red Hat

What is CVE-2023-32258?

Affected Version(s)

References

CVSS V3.1

Timeline