CVE-2023-32246

low-risk

Published 2025-08-16

In the Linux kernel, the following vulnerability has been resolved: ksmbd: call rcu_barrier() in ksmbd_server_exit() racy issue is triggered the bug by racing between closing a connection and rmmod. In ksmbd, rcu_barrier() is not called at module unload time, so nothing prevents ksmbd from getting unloaded while it still has RCU callbacks pending. It leads to trigger unintended execution of kernel code locally and use to defeat protections such as Kernel Lockdown

Do I need to act?

0.06% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (5)

Patch https://git.kernel.org/stable/c/5a7090ccc242ab009ee7769e9d7fad6644dbe9bd

Patch https://git.kernel.org/stable/c/b80422474ffe44cb5e813cd6da1f1c6bc50fd9d2

Patch https://git.kernel.org/stable/c/c053e389db0d892e2ff5a60ec5e533b976503795

Patch https://git.kernel.org/stable/c/d4174505016a3b2996eb7ff1530dcabbf15d47b6

Patch https://git.kernel.org/stable/c/eb307d09fe15844fdaebeb8cc8c9b9e925430aa5

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal