First published: Wed Jul 05 2023(Updated: )
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel | <6.4 | 6.4 |
Red Hat Kernel-devel | ||
Linux Kernel | <=6.3.9 | |
Linux Kernel | >=5.15<5.15.111 | |
Linux Kernel | >=5.16<6.1.28 | |
Linux Kernel | >=6.2<6.2.15 | |
Linux Kernel | >=6.3<6.3.2 | |
NetApp H300S Firmware | ||
NetApp H410C Firmware | ||
NetApp H410S Firmware | ||
NetApp H500e Firmware | ||
NetApp H700S | ||
debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-32248 has a medium severity rating due to its exploitation potential affecting the Linux kernel's ksmbd.
To mitigate CVE-2023-32248, update your Linux kernel to version 6.4 or later, or to the fixed versions if using the Debian Linux package.
CVE-2023-32248 affects Linux kernel versions from 5.15 up to 6.3.9 but is resolved in version 6.4 and subsequent releases.
CVE-2023-32248 specifically impacts the ksmbd component in the Linux kernel, which functions as an in-kernel SMB server.
Yes, CVE-2023-32248 can be exploited remotely due to improper validation of pointers within SMB commands.