Login Sign Up

CVE-2023-32247

7.5 HIGH
Denial of Service

📋 TL;DR

This vulnerability in the Linux kernel's ksmbd SMB server allows attackers to cause denial-of-service by exploiting improper resource consumption handling during SMB2 session setup. Systems running affected Linux kernel versions with ksmbd enabled are vulnerable. The flaw requires network access to the SMB service.

💻 Affected Systems

Products:
  • Linux kernel ksmbd module
Versions: Linux kernel versions with ksmbd support up to the fix
Operating Systems: Linux distributions with ksmbd enabled
Default Config Vulnerable: ✅ No
Notes: ksmbd is not enabled by default in most distributions; requires explicit module loading or kernel configuration.

📦 What is this software?

H300s by Netapp

View all CVEs affecting H300s →

H410s by Netapp

View all CVEs affecting H410s →

H500s by Netapp

View all CVEs affecting H500s →

H700s by Netapp

View all CVEs affecting H700s →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system unavailability due to resource exhaustion, potentially requiring reboot to restore service.

🟠

Likely Case

SMB service disruption affecting file sharing and authentication services, with possible kernel instability.

🟢

If Mitigated

Minimal impact if ksmbd is disabled or properly firewalled, with only authenticated users affected.

🌐 Internet-Facing: MEDIUM - Requires SMB port exposure and ksmbd enabled, but SMB should not be internet-facing.
🏢 Internal Only: HIGH - Internal attackers can disrupt critical file sharing services affecting business operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires sending crafted SMB2_SESSION_SETUP packets to the ksmbd service.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel versions with commit addressing CVE-2023-32247

Vendor Advisory: https://access.redhat.com/security/cve/CVE-2023-32247

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution. 2. Reboot system. 3. Verify ksmbd module loads patched version.

🔧 Temporary Workarounds

Disable ksmbd module

linux

Prevent loading of vulnerable ksmbd kernel module

echo 'blacklist ksmbd' >> /etc/modprobe.d/blacklist-ksmbd.conf
rmmod ksmbd

Firewall SMB ports

linux

Block access to SMB ports (445/tcp, 139/tcp)

iptables -A INPUT -p tcp --dport 445 -j DROP
iptables -A INPUT -p tcp --dport 139 -j DROP

🧯 If You Can't Patch

  • Disable ksmbd service completely if not required
  • Implement network segmentation to restrict SMB access to trusted hosts only

🔍 How to Verify

Check if Vulnerable:

Check if ksmbd module is loaded: lsmod | grep ksmbd

Check Version:

uname -r

Verify Fix Applied:

Check kernel version is patched: uname -r and verify against distribution security advisories

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing ksmbd resource exhaustion
  • Multiple failed SMB2_SESSION_SETUP attempts

Network Indicators:

  • Unusual volume of SMB2_SESSION_SETUP packets
  • Traffic to port 445 from unexpected sources

SIEM Query:

source="kernel" AND "ksmbd" AND ("resource" OR "exhaustion" OR "denial")

📊 Metadata

CVE ID: CVE-2023-32247
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-401
Published: July 24, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-32247, you might also want to check these:

CVE-2021-40633 8.8

CVE-2021-40633 is a memory leak vulnerability in gif2rgb, a utility in giflib 5.1.4, allowing remote...

Same vulnerability type (CWE-401)
CVE-2021-3492 8.8

CVE-2021-3492 is a kernel vulnerability in Ubuntu's Shiftfs filesystem where improper error handling...

Same vulnerability type (CWE-401)
CVE-2024-25450 8.8

CVE-2024-25450 is a memory allocation vulnerability in imlib2 v1.9.1's init_imlib_fonts() function t...

Same vulnerability type (CWE-401)