CVE-2023-32253 | THREATINT

Description

A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a denial of service.

PUBLISHED Reserved 2023-05-05 | Published 2025-08-02 | Updated 2025-11-20 | Assigner redhat

MEDIUM: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

Improper Resource Locking

Product status

Default status

unaffected

Any version before 5.15.112

affected

6.0.0 (semvar) before 6.0.*

affected

6.1.0 (semvar) before 6.1.28

affected

6.2.0 (semvar) before 6.2.15

affected

6.3.0 (semvar) before 6.3.2

affected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Timeline

2025-08-01:	Reported to Red Hat.
2023-05-17:	Made public.

References

access.redhat.com/security/cve/CVE-2023-32253 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2385886 (RHBZ#2385886) issue-tracking

cve.org (CVE-2023-32253)

nvd.nist.gov (CVE-2023-32253)

Download JSON