CVE-2023-32258

moderate-risk

Published 2023-07-24

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.

Do I need to act?

0.10% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.1/10 High

NETWORK / HIGH complexity

Affected Products (5)

Linux Kernel

H300S

H410S

H500S

H700S

Affected Vendors

Linux Netapp

References (8)

Third Party Advisory https://access.redhat.com/security/cve/CVE-2023-32258

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2219809

Third Party Advisory https://security.netapp.com/advisory/ntap-20230915-0011/

Patch https://www.zerodayinitiative.com/advisories/ZDI-CAN-20796/

Third Party Advisory https://access.redhat.com/security/cve/CVE-2023-32258

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2219809

Third Party Advisory https://security.netapp.com/advisory/ntap-20230915-0011/

Patch https://www.zerodayinitiative.com/advisories/ZDI-CAN-20796/

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 12/34 · Low