CVE-2023-32246

ksmbd: call rcu_barrier() in ksmbd_server_exit()

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: call rcu_barrier() in ksmbd_server_exit() racy issue is triggered the bug by racing between closing a connection and rmmod. In ksmbd, rcu_barrier() is not called at module unload time, so nothing prevents ksmbd from getting unloaded while it still has RCU callbacks pending. It leads to trigger unintended execution of kernel code locally and use to defeat protections such as Kernel Lockdown

N/A
CVSS
Severity:
EPSS 0.27%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/c053e389db0d892e2ff5a60ec5e533b976503795
https://git.kernel.org/stable/c/b80422474ffe44cb5e813cd6da1f1c6bc50fd9d2
https://git.kernel.org/stable/c/d4174505016a3b2996eb7ff1530dcabbf15d47b6
https://git.kernel.org/stable/c/5a7090ccc242ab009ee7769e9d7fad6644dbe9bd
https://git.kernel.org/stable/c/eb307d09fe15844fdaebeb8cc8c9b9e925430aa5

Frequently Asked Questions

What is the severity of CVE-2023-32246?
CVE-2023-32246 has not yet been assigned a CVSS score.
How to fix CVE-2023-32246?
To fix CVE-2023-32246, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-32246 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-32246 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-32246?
CVE-2023-32246 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.