CVE-2023-32254

moderate-risk

Published 2023-07-10

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.

Do I need to act?

0.07% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (6)

Linux Kernel

Hci Management Node

H300S

H410S

H500S

H700S

Affected Vendors

Linux Netapp

References (8)

Third Party Advisory https://access.redhat.com/security/cve/CVE-2023-32254

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2191658

Third Party Advisory https://security.netapp.com/advisory/ntap-20230824-0004/

Patch https://www.zerodayinitiative.com/advisories/ZDI-23-702/

Third Party Advisory https://access.redhat.com/security/cve/CVE-2023-32254

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2191658

Third Party Advisory https://security.netapp.com/advisory/ntap-20230824-0004/

Patch https://www.zerodayinitiative.com/advisories/ZDI-23-702/

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 0/34 · Minimal

Exposure 13/34 · Low