Bugzilla – Bug 1211528
VUL-0: CVE-2023-32246: kernel: Linux Kernel ksmbd RCU Callback Race Condition Local Privilege Escalation Vulnerability
Last modified: 2023-05-25 06:27:53 UTC
CVE-2023-32246 This vulnerability allows local attackers to execute arbitrary code on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of unloading of the ksmbd driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32246 https://www.zerodayinitiative.com/advisories/ZDI-23-694/
Reassigning to a concrete person to ensure progress [1] (feel free to pass to next one), see also the process at [2]. The report translates to https://github.com/torvalds/linux/commit/eb307d09fe15844fdaebeb8cc8c9b9e925430aa5 Possibly needed in the `stable` branch before v6.4 is out. [1] https://confluence.suse.com/display/KSS/Kernel+Security+Sentinel [2] https://wiki.suse.net/index.php/SUSE-Labs/Kernel/Security