A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2023-32250 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2208849 | Issue Tracking Patch Third Party Advisory |
https://security.netapp.com/advisory/ntap-20230824-0004/ | Third Party Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-23-698/ | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
12 Dec 2023, 14:39
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp hci Storage Nodes
Netapp h500s Netapp Netapp h700s Netapp hci Netapp h410s Netapp h300s |
|
References | () https://security.netapp.com/advisory/ntap-20230824-0004/ - Third Party Advisory | |
CPE | cpe:2.3:a:netapp:hci_storage_nodes:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:* |
24 Aug 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Jul 2023, 17:42
Type | Values Removed | Values Added |
---|---|---|
First Time |
Linux
Linux linux Kernel |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
CWE | CWE-362 | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2023-32250 - Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2208849 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-23-698/ - Third Party Advisory, VDB Entry |
10 Jul 2023, 16:27
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-10 16:15
Updated : 2023-12-12 14:39
NVD link : CVE-2023-32250
Mitre link : CVE-2023-32250
CVE.ORG link : CVE-2023-32250
JSON object : View
Products Affected
netapp
- h410s
- h500s
- h700s
- hci_storage_nodes
- h300s
- hci
linux
- linux_kernel
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')