LiveActive security incident?Get immediate response
CVE Record

CVE-2023-2593: Kernel: ksmbd memory exhaustion denial-of-service vulnerability

A flaw exists within the Linux kernel's handling of new TCP connections. The issue results from the lack of memory release after its effective lifetime. This vulnerability allows an unauthenticated attacker to create a denial of service condition on the system.

MediumCVSS 5.9Not KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

This is a Linux kernel denial-of-service issue described as memory not being released after new TCP connections. An unauthenticated remote attacker could exhaust memory and affect availability. The source bundle does not show active exploitation, and Red Hat lists the referenced RHEL versions as unaffected.

Executive priority

Treat as a moderate availability risk. It does not indicate data theft or code execution, but exposed Linux file-sharing systems could suffer outages. Validate exposure before emergency action, especially because Red Hat lists referenced releases as unaffected.

Technical view

CVE-2023-2593 concerns kernel ksmbd handling of new TCP connections, causing memory exhaustion after object lifetime ends. CVSS 3.1 is 5.9, network reachable, high complexity, no privileges or user interaction, availability-only impact. Exact affected upstream kernel versions are not identified in the provided bundle.

Likely exposure

Exposure is most relevant to Linux systems using ksmbd or similar affected kernel TCP handling reachable from untrusted networks. The provided affected list does not identify vulnerable versions and marks Red Hat Enterprise Linux 6 through 10 kernel variants as unaffected.

Exploitation context

No cited source or KEV signal in the bundle supports active exploitation. The vulnerability requires network access and high attack complexity, with impact limited to service or system availability through memory exhaustion.

Researcher notes

The bundle has incomplete affected-version detail and no named patch. The Red Hat data marks multiple RHEL releases unaffected, while the CVE description frames the flaw generically in Linux kernel TCP connection handling under a ksmbd title. Avoid broad assumptions beyond vendor confirmation.

Mitigation direction

  • Check kernel vendor advisories for affected version status and fixed packages.
  • Prioritize systems exposing ksmbd or related kernel TCP services to untrusted networks.
  • Restrict untrusted network access to affected services where business operations allow.
  • Monitor memory pressure and availability alerts on exposed Linux file-sharing hosts.
  • Confirm Red Hat applicability because listed RHEL kernel packages are marked unaffected.

Validation and detection

  • Inventory Linux hosts running ksmbd or relevant kernel SMB services.
  • Compare kernel package versions against vendor CVE guidance and errata.
  • Verify whether service ports are reachable from untrusted networks.
  • Review monitoring for memory exhaustion, restarts, or availability degradation.
  • Track CVE and vendor updates because affected versions are incomplete here.
Prepared
Confidence
medium
Sources
5

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-835: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2023-2593 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Medium
CVSS
5.9 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
5Timeline events
1ADP providers
4Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
5.9CVSS 3.1MediumCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H2.23.6redhat

Vulnerability scoring details

Base CVSS 3.1 score

5.9Medium
CVSS 3.1 vector shape for CVE-2023-2593Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. Source timelineredhat

    Made public.

  3. Source timelineredhat

    Reported to Red Hat.

  4. CVE publishedCVE Program

    The CVE record was published.

  5. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
Unknown vendorlinuxlinux, 0unaffected
Red HatRed Hat Enterprise Linux 10kernelunaffected
Red HatRed Hat Enterprise Linux 6kernelunaffected
Red HatRed Hat Enterprise Linux 7kernelunaffected
Red HatRed Hat Enterprise Linux 7kernel-rtunaffected
Red HatRed Hat Enterprise Linux 8kernelunaffected
Red HatRed Hat Enterprise Linux 8kernel-rtunaffected
Red HatRed Hat Enterprise Linux 9kernelunaffected
Red HatRed Hat Enterprise Linux 9kernel-rtunaffected
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.