CVE-2023-32255

EPSS 0.1%
Published 02.08.2025 22:25:45
Last modified 04.08.2025 15:06:15
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in the Linux kernel's ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type,  potentially leading to resource exhaustion.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/

≫

Package linux

Default Statusunaffected

Version < 5.15.111

Version 0

Status affected

Version < 6.0.*

Version 6.0.0

Status affected

Version < 6.1.28

Version 6.1.0

Status affected

Version < 6.2.15

Version 6.2.0

Status affected

Version < 6.3.2

Version 6.3.0

Status affected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 10

Default Statusunaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 6

Default Statusunaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 7

Default Statusunaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 7

Default Statusunaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8

Default Statusunaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8

Default Statusunaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 9

Default Statusunaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 9

Default Statusunaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.288

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secalert@redhat.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

https://access.redhat.com/security/cve/CVE-2023-32255

https://bugzilla.redhat.com/show_bug.cgi?id=2385884

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d7cb549c2ca20e1f07593f15e936fd54b763028

https://www.zerodayinitiative.com/advisories/ZDI-23-703/

https://nvd.nist.gov/vuln/detail/CVE-2023-32255

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-32255

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-32255

EUVD