CVE-2023-32257Race Condition in Kernel

CWE-362Race ConditionCWE-667Improper LockingCWE-413Improper Resource Locking21 documents7 sources
Severity
8.1HIGHNVD
OSV7.8
EPSS
0.1%
top 70.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linux KernelDebian LinuxMsrc Cbl2 Hyperv-daemons 5.15.145.2-1 ON CBL Mariner 2.0+1 more
Timeline
PublishedJul 24
Latest updateFeb 15

Description

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages6 packages

NVDlinux/linux_kernel5.155.15.145+3
Debianlinux/linux_kernel< 6.1.37-1+2
Ubuntulinux/linux_kernel< 5.15.0-94.104
debiandebian/linux< linux 6.1.37-1 (bookworm)

Patches

Patch: bugzilla.redhat.comPatch: www.zerodayinitiative.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

9
OSV
linux-intel-iotg-5.15 vulnerabilities2024-02-15
OSV
linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15 vulnerabilities2024-02-15
OSV
linux-lowlatency, linux-raspi vulnerabilities2024-02-14
OSV
linux-intel-iotg vulnerabilities2024-02-09
OSV
linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency-hwe-5.15, linux-nvidia, li2024-02-08

📋Vendor Advisories

11
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2024-02-15
Ubuntu
Linux kernel (Azure) vulnerabilities2024-02-15
Ubuntu
Linux kernel vulnerabilities2024-02-14
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2024-02-09
Ubuntu
Linux kernel vulnerabilities2024-02-08
CVE-2023-32257 — Race Condition in Linux Kernel | cvebase