CVE-2023-32255

medium

Description

A flaw was found in the Linux kernel's ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type, potentially leading to resource exhaustion.

References

https://www.zerodayinitiative.com/advisories/ZDI-23-703/

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d7cb549c2ca20e1f07593f15e936fd54b763028

https://bugzilla.redhat.com/show_bug.cgi?id=2385884

https://access.redhat.com/security/cve/CVE-2023-32255

Details

Source: Mitre, NVD

Published: 2025-08-02

Updated: 2025-08-04

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L