CVE-2023-32246

Summary

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: call rcu_barrier() in ksmbd_server_exit()

racy issue is triggered the bug by racing between closing a connection and rmmod. In ksmbd, rcu_barrier() is not called at module unload time, so nothing prevents ksmbd from getting unloaded while it still has RCU callbacks pending. It leads to trigger unintended execution of kernel code locally and use to defeat protections such as Kernel Lockdown

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < c053e389db0d892e2ff5a60ec5e533b976503795affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < b80422474ffe44cb5e813cd6da1f1c6bc50fd9d2affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < d4174505016a3b2996eb7ff1530dcabbf15d47b6affected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < 5a7090ccc242ab009ee7769e9d7fad6644dbe9bdaffected
LinuxLinux0626e6641f6b467447c81dd7678a69c66f7746cf < eb307d09fe15844fdaebeb8cc8c9b9e925430aa5affected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.111 <= 5.15.*unaffected
LinuxLinux6.1.28 <= 6.1.*unaffected
LinuxLinux6.2.15 <= 6.2.*unaffected
LinuxLinux6.3.2 <= 6.3.*unaffected
LinuxLinux6.4 <= *unaffected

Weaknesses

References