Description
A flaw was found in the Linux kernel's ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type, potentially leading to resource exhaustion.
Problem types
Missing Release of Resource after Effective Lifetime
Product status
Any version before 5.15.111
6.0.0 (semver) before 6.0.*
6.1.0 (semver) before 6.1.28
6.2.0 (semver) before 6.2.15
6.3.0 (semver) before 6.3.2
Timeline
2025-08-01: Reported to Red Hat.
2023-05-17: Made public.
References
access.redhat.com/security/cve/CVE-2023-32255
bugzilla.redhat.com/show_bug.cgi?id=2385884 (RHBZ#2385884)
git.kernel.org/...d=6d7cb549c2ca20e1f07593f15e936fd54b763028
www.zerodayinitiative.com/advisories/ZDI-23-703/