CVE-2023-32246 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: ksmbd: call rcu_barrier() in ksmbd_server_exit() racy issue is triggered the bug by racing between closing a connection and rmmod. In ksmbd, rcu_barrier() is not called at module unload time, so nothing prevents ksmbd from getting unloaded while it still has RCU callbacks pending. It leads to trigger unintended execution of kernel code locally and use to defeat protections such as Kernel Lockdown

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/5a7090ccc242ab009ee7769e9d7fad6644dbe9bd
https://git.kernel.org/stable/c/b80422474ffe44cb5e813cd6da1f1c6bc50fd9d2
https://git.kernel.org/stable/c/c053e389db0d892e2ff5a60ec5e533b976503795
https://git.kernel.org/stable/c/d4174505016a3b2996eb7ff1530dcabbf15d47b6
https://git.kernel.org/stable/c/eb307d09fe15844fdaebeb8cc8c9b9e925430aa5

History

Sat, 16 Aug 2025 13:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ksmbd: call rcu_barrier() in ksmbd_server_exit() racy issue is triggered the bug by racing between closing a connection and rmmod. In ksmbd, rcu_barrier() is not called at module unload time, so nothing prevents ksmbd from getting unloaded while it still has RCU callbacks pending. It leads to trigger unintended execution of kernel code locally and use to defeat protections such as Kernel Lockdown
Title		ksmbd: call rcu_barrier() in ksmbd_server_exit()
References		https://git.kernel.org/stable/c/5a7090ccc242ab009ee7769e9d7fad6644dbe9bd https://git.kernel.org/stable/c/b80422474ffe44cb5e813cd6da1f1c6bc50fd9d2 https://git.kernel.org/stable/c/c053e389db0d892e2ff5a60ec5e533b976503795 https://git.kernel.org/stable/c/d4174505016a3b2996eb7ff1530dcabbf15d47b6 https://git.kernel.org/stable/c/eb307d09fe15844fdaebeb8cc8c9b9e925430aa5

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-08-16T13:22:09.212Z

Updated: 2025-08-16T13:22:09.212Z

Reserved: 2023-05-05T10:00:07.894Z

Link: CVE-2023-32246

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-08-16T14:15:26.393

Modified: 2025-08-16T14:15:26.393

Link: CVE-2023-32246

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-32246", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2023-05-05T10:00:07.894Z", "datePublished": "2025-08-16T13:22:09.212Z", "dateUpdated": "2025-08-16T13:22:09.212Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-08-16T13:22:09.212Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: call rcu_barrier() in ksmbd_server_exit()\n\nracy issue is triggered the bug by racing between closing a connection\nand rmmod. In ksmbd, rcu_barrier() is not called at module unload time,\nso nothing prevents ksmbd from getting unloaded while it still has RCU\ncallbacks pending. It leads to trigger unintended execution of kernel\ncode locally and use to defeat protections such as Kernel Lockdown"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ksmbd/server.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "c053e389db0d892e2ff5a60ec5e533b976503795", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "b80422474ffe44cb5e813cd6da1f1c6bc50fd9d2", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "d4174505016a3b2996eb7ff1530dcabbf15d47b6", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "5a7090ccc242ab009ee7769e9d7fad6644dbe9bd", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "eb307d09fe15844fdaebeb8cc8c9b9e925430aa5", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ksmbd/server.c"], "versions": [{"version": "5.15.111", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.28", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2.15", "lessThanOrEqual": "6.2.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.3.2", "lessThanOrEqual": "6.3.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.4", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.111"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.28"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.2.15"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.3.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.4"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/c053e389db0d892e2ff5a60ec5e533b976503795"}, {"url": "https://git.kernel.org/stable/c/b80422474ffe44cb5e813cd6da1f1c6bc50fd9d2"}, {"url": "https://git.kernel.org/stable/c/d4174505016a3b2996eb7ff1530dcabbf15d47b6"}, {"url": "https://git.kernel.org/stable/c/5a7090ccc242ab009ee7769e9d7fad6644dbe9bd"}, {"url": "https://git.kernel.org/stable/c/eb307d09fe15844fdaebeb8cc8c9b9e925430aa5"}], "title": "ksmbd: call rcu_barrier() in ksmbd_server_exit()", "x_generator": {"engine": "bippy-1.2.0"}}}}