CVE-2023-32250

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_storage_nodes:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

History

12 Dec 2023, 14:39

Type Values Removed Values Added
CPE cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_storage_nodes:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*
References (MISC) https://security.netapp.com/advisory/ntap-20230824-0004/ - (MISC) https://security.netapp.com/advisory/ntap-20230824-0004/ - Third Party Advisory
First Time Netapp
Netapp hci
Netapp hci Storage Nodes
Netapp h700s
Netapp h410s
Netapp h300s
Netapp h500s

24 Aug 2023, 19:15

Type Values Removed Values Added
References
  • (MISC) https://security.netapp.com/advisory/ntap-20230824-0004/ -

17 Jul 2023, 17:42

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CWE CWE-362
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2208849 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2208849 - Issue Tracking, Patch, Third Party Advisory
References (MISC) https://www.zerodayinitiative.com/advisories/ZDI-23-698/ - (MISC) https://www.zerodayinitiative.com/advisories/ZDI-23-698/ - Third Party Advisory, VDB Entry
References (MISC) https://access.redhat.com/security/cve/CVE-2023-32250 - (MISC) https://access.redhat.com/security/cve/CVE-2023-32250 - Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.1
First Time Linux
Linux linux Kernel

10 Jul 2023, 16:27

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-10 16:15

Updated : 2024-08-21 18:17


NVD link : CVE-2023-32250

Mitre link : CVE-2023-32250

CVE.ORG link : CVE-2023-32250


JSON object : View

Products Affected

netapp

  • h700s
  • h300s
  • hci
  • h500s
  • hci_storage_nodes
  • h410s

linux

  • linux_kernel
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')