CVE-2023-32255

A flaw was found in the Linux kernel's ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type, potentially leading to resource exhaustion.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2023-32255
https://bugzilla.redhat.com/show_bug.cgi?id=2385884
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d7cb549c2ca20e1f07593f15e936fd54b763028
https://www.zerodayinitiative.com/advisories/ZDI-23-703/

Configurations

No configuration.

History

04 Aug 2025, 15:06

Type	Values Removed	Values Added
Summary		(es) Se detectó una falla en el componente ksmbd del kernel de Linux. Puede producirse una fuga de memoria si un cliente envía una solicitud de configuración de sesión con un tipo de mensaje NTLMSSP desconocido, lo que podría provocar el agotamiento de recursos.

02 Aug 2025, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-02 23:15

Updated : 2025-08-04 15:06

NVD link : CVE-2023-32255

Mitre link : CVE-2023-32255

CVE.ORG link : CVE-2023-32255

JSON object : View

Products Affected

No product.

CWE

CWE-772

Missing Release of Resource after Effective Lifetime

5.3 /10