PT-2023-2823 · Linux+5 · Linux Kernel+5

Quentin Minster

Published

2023-04-27

Updated

2024-08-21

CVE-2023-32254

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux Kernel ksmbd (affected versions not specified)

Description A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of "SMB2 TREE DISCONNECT" commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this issue to execute code in the context of the kernel. The exploitation of this flaw may allow a remote attacker to impact the integrity, availability, and confidentiality of protected information and execute arbitrary code using the "SMB2 TREE DISCONNECT" command.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

ALT-PU-2023-4482

ALT-PU-2023-4663

ALT-PU-2024-4263

ALT-PU-2024-4843

AZL-27402

AZL-27634

BDU:2023-02749

CVE-2023-32254

DSA-5448-1

OESA-2023-1781

OESA-2023-1782

OESA-2023-1783

USN-6173-1

USN-6283-1

USN-6725-1

USN-6725-2

ZDI-23-702

Affected Products

Alt Linux

Astra Linux

Linux Kernel

Linuxmint

Red Os

Ubuntu

PT-2023-2823 · Linux+5 · Linux Kernel+5

CVE-2023-32254

Weakness Enumeration

Related Identifiers

Affected Products

References · 114