Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-32254

Опубликовано: 17 мая 2023
Источник: redhat
CVSS3: 8.1

Описание

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.

Отчет

No Red Hat products are affected by this flaw, as the ksmbd code is not included in any shipping release.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 9kernelNot affected
Red Hat Enterprise Linux 9kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-667->CWE-362
https://bugzilla.redhat.com/show_bug.cgi?id=2191658kernel: ksmbd: tree connection race condition remote code execution vulnerability

8.1 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-32254

CVSS3: 9.8
ubuntu
почти 2 года назад

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.

nvd логотип

CVE-2023-32254

CVSS3: 9.8
nvd
почти 2 года назад

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.

debian логотип

CVE-2023-32254

CVSS3: 9.8
debian
почти 2 года назад

A flaw was found in the Linux kernel's ksmbd, a high-performance in-ke ...

github логотип

GHSA-p3v2-rv86-5c5f

CVSS3: 9.8
github
почти 2 года назад

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.

fstec логотип

BDU:2023-02749

CVSS3: 8.1
fstec
около 2 лет назад

Уязвимость модуля ksmbd ядра операционных систем Linux, позволяющая нарушителю оказать влияние на целостность, доступность и конфиденциальность защищаемой информации и выполнить произвольный код

8.1 High

CVSS3