CVE-2023-32257 HIGH

CVE-2023-32257: Session race condition remote code execution vulnerability

Vendor: Red Hat
Product: Red Hat Enterprise Linux 6
Weakness: CWE-362
Published: July 24, 2023
Last update: July 29, 2025

CVSS base score

8.1/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.

Key dates

02 Disclosure timeline

July 24, 2023: CVE published
July 29, 2025: Record updated