CVE-2023-32251
BaseFortify
Publication date: 2025-07-31
Last updated on: 2025-11-21
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | ksmbd | * |
| linux | kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's ksmbd component, which is the kernel SMB/CIFS server. A security control meant to prevent dictionary attacks by introducing a 5-second delay during session setup can be bypassed using asynchronous requests. This bypass allows attackers to avoid the delay and potentially perform dictionary attacks more efficiently against user credentials or other authentication mechanisms.
How can this vulnerability impact me? :
The vulnerability can allow attackers to bypass the intended anti-brute-force protection, enabling them to conduct dictionary attacks more efficiently. This could lead to unauthorized access if attackers successfully guess user credentials or other authentication data.