CVE-2023-32246
Last modified
CVE-2023-32246 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. In the Linux kernel, the following vulnerability has been resolved: ksmbd: call rcu_barrier() in ksmbd_server_exit() racy issue is triggered the bug by racing between closing a connection and rmmod. In ksmbd, rcu_barrier() is not called at module unload time, so nothing prevents ksmbd from getting unloaded while it still has RCU callbacks pending. EPSS estimates a 0.16% chance of exploitation in the next 30 days.
Description
In the Linux kernel, the following vulnerability has been resolved: ksmbd: call rcu_barrier() in ksmbd_server_exit() racy issue is triggered the bug by racing between closing a connection and rmmod. In ksmbd, rcu_barrier() is not called at module unload time, so nothing prevents ksmbd from getting unloaded while it still has RCU callbacks pending. It leads to trigger unintended execution of kernel code locally and use to defeat protections such as Kernel Lockdown
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.15, < 5.15.111 |
| Linux | Linux Kernel | >= 5.16, < 6.1.28 |
| Linux | Linux Kernel | >= 6.2, < 6.2.15 |
| Linux | Linux Kernel | >= 6.3, < 6.3.2 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2023-32246?
How severe is CVE-2023-32246?
How do I fix CVE-2023-32246?
Are you affected by CVE-2023-32246?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST