CVE-2023-32246

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: call rcu_barrier() in ksmbd_server_exit()

racy issue is triggered the bug by racing between closing a connection
and rmmod. In ksmbd, rcu_barrier() is not called at module unload time,
so nothing prevents ksmbd from getting unloaded while it still has RCU
callbacks pending. It leads to trigger unintended execution of kernel
code locally and use to defeat protections such as Kernel Lockdown
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
5.15 ≤
𝑥
< 5.15.111
linuxlinux_kernel
5.16 ≤
𝑥
< 6.1.28
linuxlinux_kernel
6.2 ≤
𝑥
< 6.2.15
linuxlinux_kernel
6.3 ≤
𝑥
< 6.3.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.137-1
fixed
bookworm (security)
6.1.147-1
fixed
bullseye
vulnerable
bullseye (security)
vulnerable
forky
6.12.38-1
fixed
sid
6.12.38-1
fixed
trixie
6.12.38-1
fixed
trixie (security)
6.12.41-1
fixed
References
https://git.kernel.org/stable/c/5a7090ccc242ab009ee7769e9d7fad6644dbe9bd
https://git.kernel.org/stable/c/b80422474ffe44cb5e813cd6da1f1c6bc50fd9d2
https://git.kernel.org/stable/c/c053e389db0d892e2ff5a60ec5e533b976503795
https://git.kernel.org/stable/c/d4174505016a3b2996eb7ff1530dcabbf15d47b6
https://git.kernel.org/stable/c/eb307d09fe15844fdaebeb8cc8c9b9e925430aa5