CVE-2023-32250
Public on 2023-05-22
Modified on 2024-03-01
Description
A vulnerability was found in fs/ksmbd/connection.c in ksmbd in the Linux Kernel. This flaw allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable.
The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
Severity
Critical
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | kernel | Not Affected | ||
| Amazon Linux 2 - Core | kernel | Not Affected | ||
| Amazon Linux 2 - Kernel-5.10 Extra | kernel | Not Affected | ||
| Amazon Linux 2 - Kernel-5.15 Extra | kernel | Not Affected | ||
| Amazon Linux 2 - Kernel-5.4 Extra | kernel | Not Affected | ||
| Amazon Linux 2023 | kernel | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 9.0 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
| NVD | CVSSv3 | 9.0 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |