CVE-2023-32248

CVSS v3.1 7.5 (High)

EPSS 0.61 % (79^th)

Affected Products 6

Advisories 6

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

Weaknesses

CWE-476: NULL Pointer Dereference

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2023-07-24 16:15:11
(14 months ago)
Updated Date: 2023-12-04 14:54:50
(9 months ago)

Affected Products

Linux

Linux Kernel

Netapp

Configuration #1

	CPE23	From	Up To
Linux Kernel from 5.15 version and prior 5.15.111 version	cpe:2.3:o:linux:linux_kernel	>= 5.15	< 5.15.111
Linux Kernel from 5.16 version and prior 6.1.28 version	cpe:2.3:o:linux:linux_kernel	>= 5.16	< 6.1.28
Linux Kernel from 6.2 version and prior 6.2.15 version	cpe:2.3:o:linux:linux_kernel	>= 6.2	< 6.2.15
Linux Kernel from 6.3 version and prior 6.3.2 version	cpe:2.3:o:linux:linux_kernel	>= 6.3	< 6.3.2

Configuration #2

		CPE23	From	Up To
	Netapp H300s	cpe:2.3:h:netapp:h300s:-
	Netapp H410c	cpe:2.3:h:netapp:h410c:-
	Netapp H410s	cpe:2.3:h:netapp:h410s:-
	Netapp H500s	cpe:2.3:h:netapp:h500s:-
	Netapp H700s	cpe:2.3:h:netapp:h700s:-