CVE-2023-2593 - Vulnerability Details

A flaw exists within the Linux kernel's handling of new TCP connections. The issue results from the lack of memory release after its effective lifetime. This vulnerability allows an unauthenticated attacker to create a denial of service condition on the system.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux

No data.

References

Link	Providers
https://lore.kernel.org/lkml/CAH2r5msyEy20e=FBx6wPWWc3kXzNR4b+zHshSqidRdFKVf_7Jg@mail.gmail.com/

History

Thu, 31 Jul 2025 19:30:00 +0000

Type	Values Removed	Values Added
References	https://access.redhat.com/security/cve/CVE-2023-2593 https://bugzilla.redhat.com/show_bug.cgi?id=2384787

Wed, 30 Jul 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 30 Jul 2025 15:30:00 +0000

Type	Values Removed	Values Added
Description		A flaw exists within the Linux kernel's handling of new TCP connections. The issue results from the lack of memory release after its effective lifetime. This vulnerability allows an unauthenticated attacker to create a denial of service condition on the system.
Title		Kernel: ksmbd memory exhaustion denial-of-service vulnerability
First Time appeared		Redhat Redhat enterprise Linux
Weaknesses		CWE-835
CPEs		cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux
References		https://access.redhat.com/security/cve/CVE-2023-2593 https://bugzilla.redhat.com/show_bug.cgi?id=2384787 https://lore.kernel.org/lkml/CAH2r5msyEy20e=FBx6wPWWc3kXzNR4b+zHshSqidRdFKVf_7Jg@mail.gmail.com/
Metrics		cvssV3_1 `{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-07-30T15:15:53.952Z

Updated: 2025-07-31T18:53:37.275Z

Reserved: 2023-05-09T12:05:43.066Z

Link: CVE-2023-2593

Vulnrichment

Updated: 2025-07-30T15:32:21.918Z

NVD

Status : Awaiting Analysis

Published: 2025-07-30T16:15:25.980

Modified: 2025-07-31T19:15:27.840

Link: CVE-2023-2593

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object