{"id":"CVE-2023-32251","details":"A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the intended anti-brute-force protection, potentially allowing attackers to conduct dictionary attacks more efficiently against user credentials or other authentication mechanisms.","modified":"2026-03-15T14:49:58.902909Z","published":"2025-07-31T21:15:26.810Z","references":[{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2023-32251"},{"type":"WEB","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b096d97f47326b1e2dbdef1c91fab69ffda54d17"},{"type":"ADVISORY","url":"https://www.zerodayinitiative.com/advisories/ZDI-23-699/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2385852"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git","events":[{"introduced":"0"},{"fixed":"b096d97f47326b1e2dbdef1c91fab69ffda54d17"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-32251.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"the"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}