CVE-2023-32251 – Linux Kernel ksmbd Dictionary Attack Bypass

CVE ID : CVE-2023-32251

Published : July 31, 2025, 9:15 p.m. | 18 minutes ago

Description : A vulnerability has been identified in the Linux kernel’s ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the intended anti-brute-force protection, potentially allowing attackers to conduct dictionary attacks more efficiently against user credentials or other authentication mechanisms.

Severity: 3.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…