Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-32250
HistoryMay 22, 2023 - 12:00 a.m.

CVE-2023-32250

2023-05-2200:00:00
ubuntu.com
ubuntu.com
37
linux kernel
ksmbd
smb server
vulnerability
code execution
bugzilla
locking
object operations

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

73.3%

A flaw was found in the Linux kernel’s ksmbd, a high-performance in-kernel
SMB server. The specific flaw exists within the processing of
SMB2_SESSION_SETUP commands. The issue results from the lack of proper
locking when performing operations on an object. An attacker can leverage
this vulnerability to execute code in the context of the kernel.

Bugs

Notes

Author Note
rodrigo-zaiden needs ksmbd-tools installed to enable the service, which is not installed by default. same fix as CVE-2023-32252, CVE-2023-32257
OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchlinux< 5.15.0-94.104UNKNOWN
ubuntu23.04noarchlinux< 6.2.0-32.32UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1053.58UNKNOWN
ubuntu23.04noarchlinux-aws< 6.2.0-1011.11UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1053.58~20.04.1UNKNOWN
ubuntu22.04noarchlinux-aws-6.2< 6.2.0-1011.11~22.04.1UNKNOWN
ubuntu22.04noarchlinux-azure< 5.15.0-1056.64UNKNOWN
ubuntu23.04noarchlinux-azure< 6.2.0-1011.11UNKNOWN
ubuntu20.04noarchlinux-azure-5.15< 5.15.0-1056.64~20.04.1UNKNOWN
ubuntu22.04noarchlinux-azure-fde< 5.15.0-1056.64.1UNKNOWN
Rows per page:
1-10 of 441

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

73.3%