CVE-2023-32254Race Condition in Kernel

CWE-362Race ConditionCWE-413Improper Resource Locking13 documents7 sources
Severity
8.1HIGHNVD
OSV7.1
EPSS
0.1%
top 79.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux KernelDebian LinuxMsrc Cbl2 Hyperv-daemons 5.15.145.2-1 ON CBL Mariner 2.0+2 more
Timeline
PublishedJul 10
Latest updateApr 16

Description

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages7 packages

NVDlinux/linux_kernel5.155.15.145+3
Debianlinux/linux_kernel< 6.1.37-1+2
Ubuntulinux/linux_kernel< 5.15.0-102.112

Patches

Patch: bugzilla.redhat.comPatch: www.zerodayinitiative.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

5
OSV
linux-aws, linux-aws-5.15 vulnerabilities2024-04-16
OSV
linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel2024-04-09
GHSA
GHSA-p3v2-rv86-5c5f: A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server2023-07-10
OSV
CVE-2023-32254: A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server2023-07-10
OSV
linux-oem-6.1 vulnerabilities2023-06-16

📋Vendor Advisories

7
Ubuntu
Linux kernel (AWS) vulnerabilities2024-04-16
Ubuntu
Linux kernel vulnerabilities2024-04-09
Ubuntu
Linux kernel vulnerabilities2023-08-11
Microsoft
Tree connection race condition remote code execution vulnerability2023-07-11
Ubuntu
Linux kernel (OEM) vulnerabilities2023-06-16
CVE-2023-32254 — Race Condition in Linux Kernel | cvebase