ZDI-23-702: Linux Kernel ksmbd Tree Connection Race Condition Remote Code Execution Vulnerability
First published: Wed May 17 2023(Updated: )
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Kernel-devel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-23-702?
The severity of ZDI-23-702 is critical with a severity value of 9.
What is the affected software for ZDI-23-702?
The affected software for ZDI-23-702 is Linux Kernel.
Is authentication required to exploit ZDI-23-702?
No, authentication is not required to exploit ZDI-23-702.
Which systems are vulnerable to ZDI-23-702?
Only systems with ksmbd enabled are vulnerable to ZDI-23-702.
How can I fix ZDI-23-702?
Currently, there is no known fix for ZDI-23-702. It is recommended to follow the suggestions provided by the vendor or the advisory.
- collector/zdi-published
- alias/ZDI-CAN-20592
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/references
- agent/title
- agent/source
- agent/description
- agent/tags
- agent/softwarecombine
- agent/event
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-23-702
- alias/CVE-2023-32254
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/red hat kernel-devel