CVE-2023-32256: Kernel: ksmbd race issue from smb2 close and logoff with multichannel
A flaw was found in the Linux kernel's ksmbd component. A race condition between smb2 close operation and logoff in multichannel connections could result in a use-after-free issue.
Security readout for executives and security teams
Plain-English summary
CVE-2023-32256 is a Linux kernel ksmbd flaw that can cause memory corruption during certain SMB multichannel sessions. The main business risk is service disruption on systems using the in-kernel SMB server. Available sources do not show active exploitation or Red Hat impact.
Executive priority
Treat this as high priority where ksmbd is deployed or externally reachable. It is less urgent for standard Red Hat fleets marked unaffected or systems not using ksmbd. Prioritize inventory first, then patch or disable the service based on actual exposure.
Technical view
The flaw is a race condition between SMB2 close and logoff handling in ksmbd multichannel connections, leading to use-after-free. The CVSS 3.1 score is 7.5 with network reachability, no privileges, no user interaction, high attack complexity, low confidentiality impact, and high availability impact.
Likely exposure
Exposure appears limited to Linux systems running ksmbd on affected kernel lines listed as 6.0.0, 6.1.0, 6.2.0, and 6.3.0. Red Hat Enterprise Linux 6, 7, 8, 9, and 10 entries are listed as unaffected in the provided source bundle.
Exploitation context
The provided data says this CVE is not in KEV, and no cited source states active exploitation. ZDI published an advisory, and an upstream Linux commit is referenced. Attack feasibility is constrained by high attack complexity and the need for ksmbd multichannel race timing.
Researcher notes
Evidence supports a ksmbd multichannel use-after-free race, not a broad Linux SMB issue across all implementations. The source bundle gives affected kernel lines and an upstream commit reference, but does not provide exploit details, confirmed exploitation, or complete distribution-specific fixed versions.
Mitigation direction
Identify systems using the Linux ksmbd in-kernel SMB server.
Check distribution or vendor advisories for kernels containing the referenced upstream fix.
Apply supported kernel updates where your vendor marks this CVE fixed.
Disable ksmbd where it is not required for business operations.
Restrict SMB exposure to trusted networks where feasible.
Validation and detection
Inventory kernel versions and confirm whether ksmbd is enabled.
Check whether exposed SMB services are kernel ksmbd rather than another SMB implementation.
Verify Red Hat systems against Red Hat’s unaffected product status.
Confirm patched systems run a vendor kernel containing the upstream correction.
Review monitoring for ksmbd crashes or abnormal SMB session failures.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-421: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.