CVE-2023-38432

9.1 CRITICAL

📋 TL;DR

This vulnerability in the Linux kernel's ksmbd SMB server allows attackers to trigger an out-of-bounds read by sending specially crafted SMB packets with mismatched payload size and RFC1002 length specifications. Systems running Linux kernels before 6.3.10 with ksmbd enabled are affected, potentially leading to information disclosure or system crashes.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel versions before 6.3.10
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if ksmbd (kernel SMB server) is enabled and configured. Many distributions don't enable ksmbd by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Information disclosure of kernel memory contents, potential kernel panic leading to denial of service, or use as a stepping stone for further exploitation.

🟠 Likely Case: Denial of service through kernel panic or system crash, with possible information leakage from kernel memory.

🟢 If Mitigated: Limited impact if ksmbd is disabled or network access is restricted; patched systems are unaffected.

🌐 Internet-Facing: HIGH if ksmbd is exposed to untrusted networks, as exploitation requires only network access to SMB service.
🏢 Internal Only: MEDIUM if ksmbd is used internally; risk depends on internal network segmentation and trust boundaries.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted SMB packets to the vulnerable service. No authentication needed if service is accessible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 6.3.10 and later

Vendor Advisory: https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.10

Restart Required: Yes

Instructions:

1. Update the Linux kernel to version 6.3.10 or later.
2. For distributions: use the package manager (apt/yum/dnf) to update the kernel package.
3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable ksmbd module (Linux)

Prevent loading of the vulnerable ksmbd kernel module. The blacklist entry only stops future automatic loading, so the rmmod unloads the module that is already resident:

echo 'blacklist ksmbd' >> /etc/modprobe.d/blacklist-ksmbd.conf
rmmod ksmbd

Block SMB network access (Linux)

Use firewall rules to block access to the SMB ports. These rules are appended (-A), so any earlier ACCEPT rule for these ports still wins, and they do not survive a reboot unless saved:

iptables -A INPUT -p tcp --dport 445 -j DROP
iptables -A INPUT -p tcp --dport 139 -j DROP

🧯 If You Can't Patch

  • Disable ksmbd service if not required
  • Implement strict network segmentation and firewall rules to limit SMB access

🔍 How to Verify

Check if Vulnerable:

Check if the ksmbd module is loaded: lsmod | grep ksmbd
Check the kernel version: uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify the kernel version is 6.3.10 or later: uname -r
Confirm ksmbd is either not loaded (lsmod | grep ksmbd returns nothing) or is running under the updated kernel.
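The two checks above combined into one script, added here as an example and not part of the advisory. It parses the uname -r version string against the 6.3.10 fix release and checks for a loaded ksmbd via /sys/module; the verdict tokens, function names and the --host flag are this example's own. Distribution kernels that backport the fix keep an older version string, so a VULNERABLE verdict means "confirm against your vendor's changelog", not "exploitable".

```sh
#!/bin/sh
# Added example (not from the advisory): version-plus-module check for
# CVE-2023-38432. 6.3.10 is the mainline fix release named by the advisory;
# vendor kernels with a backported fix will still report an older version.

# kernel_below_fix VERSION -> exit 0 when VERSION sorts before 6.3.10
kernel_below_fix() {
    v=${1%%[-+]*}                        # "6.3.9-arch1-1" -> "6.3.9"
    old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    pat=${pat%%[!0-9]*}; pat=${pat:-0}   # drop a trailing "rc1" etc.
    [ "$maj" -lt 6 ] && return 0
    [ "$maj" -gt 6 ] && return 1
    [ "$min" -lt 3 ] && return 0
    [ "$min" -gt 3 ] && return 1
    [ "$pat" -lt 10 ]
}

# ksmbd_loaded -> exit 0 when the ksmbd module is currently loaded.
# /sys/module/<name> exists for every loaded module, so this is the same
# signal as "lsmod | grep ksmbd" without depending on lsmod being present.
ksmbd_loaded() {
    [ -d /sys/module/ksmbd ]
}

# assess_host VERSION LOADED(0|1) -> prints exactly one verdict token
assess_host() {
    if ! kernel_below_fix "$1"; then
        echo PATCHED                     # kernel already carries the 6.3.10 fix
    elif [ "$2" -eq 1 ]; then
        echo VULNERABLE                  # old kernel and ksmbd is resident
    else
        echo EXPOSED_IF_LOADED           # old kernel, ksmbd not loaded right now
    fi
}

# Run against the live host with:  sh check-ksmbd.sh --host
if [ "${1:-}" = "--host" ]; then
    loaded=0
    ksmbd_loaded && loaded=1
    echo "$(uname -r): $(assess_host "$(uname -r)" "$loaded")"
fi
```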

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • ksmbd service crashes
  • unusual SMB protocol errors

Network Indicators:

  • Malformed SMB packets with size/length mismatches
  • unusual traffic to port 445/139

SIEM Query:

(source="kernel" AND ("panic" OR "Oops")) OR (source="ksmbd" AND ("error" OR "crash"))
