CVE-2023-32250Race Condition in Kernel

CWE-362Race ConditionCWE-413Improper Resource Locking23 documents7 sources
Severity
8.1HIGHNVD
OSV7.8OSV7.1
EPSS
0.1%
top 71.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux KernelDebian LinuxMsrc Cbl2 Hyperv-daemons 5.15.145.2-1 ON CBL Mariner 2.0+2 more
Timeline
PublishedJul 10
Latest updateFeb 15

Description

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages7 packages

NVDlinux/linux_kernel5.155.15.145+3
Debianlinux/linux_kernel< 6.1.37-1+2
Ubuntulinux/linux_kernel< 5.15.0-94.104

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

10
OSV
linux-intel-iotg-5.15 vulnerabilities2024-02-15
OSV
linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15 vulnerabilities2024-02-15
OSV
linux-lowlatency, linux-raspi vulnerabilities2024-02-14
OSV
linux-intel-iotg vulnerabilities2024-02-09
OSV
linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency-hwe-5.15, linux-nvidia, li2024-02-08

📋Vendor Advisories

12
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2024-02-15
Ubuntu
Linux kernel (Azure) vulnerabilities2024-02-15
Ubuntu
Linux kernel vulnerabilities2024-02-14
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2024-02-09
Ubuntu
Linux kernel vulnerabilities2024-02-08
CVE-2023-32250 — Race Condition in Linux Kernel | cvebase