CVE-2023-32256

Published: August 5, 2025Last modified: August 5, 2025

Description

A flaw was found in the Linux kernel's ksmbd component. A race condition between smb2 close operation and logoff in multichannel connections could result in a use-after-free issue.

Severity score breakdown

Parameter	Value
Base score	7.5
Attack Vector	NETWORK
Attack complexity	HIGH
Privileges required	NONE
User interaction	NONE
Scope	CHANGED
Confidentiality	LOW
Integrity impact	NONE
Availability impact	HIGH
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H

Notes

It has been fixed in v6.1.29 long time ago.

Status

Product	Release	Package	Status
Alpaquita Linux	23 LTS	linux-lts	Not affected (6.1.33-r0)
	25 LTS	linux-lts	Not affected (6.6.89-r0)
	Stream	linux-lts	Not affected (6.1.33-r0)

References

https://access.redhat.com/security/cve/CVE-2023-32256
https://bugzilla.redhat.com/show_bug.cgi?id=2385885
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=abcc506a9a71976a8b4c9bf3ee6efd13229c1e19
https://www.zerodayinitiative.com/advisories/ZDI-23-704/