CVE-2023-32251 LOW

CVE-2023-32251: Kernel: ksmbd brute force delay bypass via asynchronous requests

Vendor Red Hat
Product Red Hat Enterprise Linux 10
Weakness CWE-307 · Brute force
Published July 31, 2025
Last update June 30, 2026

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the intended anti-brute-force protection, potentially allowing attackers to conduct dictionary attacks more efficiently against user credentials or other authentication mechanisms.

Key dates

02 Disclosure timeline

July 31, 2025 CVE published
June 30, 2026 Record updated