Vulnerability Details : CVE-2023-32258
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
Vulnerability category: Execute code
Products affected by CVE-2023-32258
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-32258
6.40%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-32258
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.1
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
NIST | |
8.1
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
Red Hat, Inc. |
CWE ids for CVE-2023-32258
-
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.Assigned by: secalert@redhat.com (Secondary)
-
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-32258
-
https://bugzilla.redhat.com/show_bug.cgi?id=2219809
2219809 – (CVE-2023-32258, ZDI-23-706, ZDI-CAN-20796) CVE-2023-32258 kernel: ksmbd: session race condition remote code execution vulnerabilityIssue Tracking;Patch;Third Party Advisory
-
https://www.zerodayinitiative.com/advisories/ZDI-CAN-20796/
ZDI-23-706 | Zero Day InitiativePatch;Third Party Advisory;VDB Entry
-
https://access.redhat.com/security/cve/CVE-2023-32258
CVE-2023-32258- Red Hat Customer PortalThird Party Advisory
-
https://security.netapp.com/advisory/ntap-20230915-0011/
July 2023 Linux Kernel 6.3.9 Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
Jump to