CVE-2023-32258Race Condition in Kernel

CWE-362Race ConditionCWE-667Improper LockingCWE-413Improper Resource Locking15 documents7 sources
Severity
8.1HIGHNVD
OSV7.8
EPSS
0.1%
top 72.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linux KernelDebian LinuxMsrc Cbl2 Hyperv-daemons 5.15.145.2-1 ON CBL Mariner 2.0+1 more
Timeline
PublishedJul 24
Latest updateApr 16

Description

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages6 packages

NVDlinux/linux_kernel5.155.15.145+3
Debianlinux/linux_kernel< 6.1.37-1+2
Ubuntulinux/linux_kernel< 5.15.0-102.112
debiandebian/linux< linux 6.1.37-1 (bookworm)

Patches

Patch: bugzilla.redhat.comPatch: www.zerodayinitiative.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

6
OSV
linux-aws, linux-aws-5.15 vulnerabilities2024-04-16
OSV
linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel2024-04-09
OSV
linux-gcp, linux-gcp-6.2, linux-ibm, linux-oracle, linux-starfive vulnerabilities2023-09-08
OSV
linux, linux-aws, linux-aws-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-raspi vulnerabilities2023-09-05
OSV
CVE-2023-32258: A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server2023-07-24

📋Vendor Advisories

8
Ubuntu
Linux kernel (AWS) vulnerabilities2024-04-16
Ubuntu
Linux kernel vulnerabilities2024-04-09
Ubuntu
Linux kernel vulnerabilities2023-09-08
Ubuntu
Linux kernel (Azure) vulnerabilities2023-09-06
Ubuntu
Linux kernel vulnerabilities2023-09-05
CVE-2023-32258 — Race Condition in Linux Kernel | cvebase