A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the intended anti-brute-force protection, potentially allowing attackers to conduct dictionary attacks more efficiently against user credentials or other authentication mechanisms.
Reserved 2023-05-05 | Published 2025-07-31 | Updated 2025-08-01 | Assigner redhat
Improper Restriction of Excessive Authentication Attempts
2025-07-31: Reported to Red Hat.
2023-05-17: Made public.
git.kernel.org/...d=b096d97f47326b1e2dbdef1c91fab69ffda54d17
www.zerodayinitiative.com/advisories/ZDI-23-699/