CVE-2023-32256
BaseFortify
Publication date: 2025-08-01
Last updated on: 2025-08-04
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | ksmbd | * |
| linux | kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-421 | The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in the Linux kernel's ksmbd component where a race condition occurs between the smb2 close operation and logoff in multichannel connections. This race condition can lead to a use-after-free issue, which means that the system may attempt to use memory after it has been freed, potentially causing instability or exploitation.
How can this vulnerability impact me? :
The vulnerability can impact you by causing a use-after-free condition in the Linux kernel's ksmbd component, which may lead to system crashes or allow an attacker to cause denial of service. According to the CVSS score, it has a high impact on availability (A:H) and a low impact on confidentiality (C:L), with no impact on integrity (I:N).