3167 matches found
kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions
A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon...
Linux Distros Unpatched Vulnerability : CVE-2026-12505
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed a soft lockup during fsstress. The following issues were observed during fsstress, and the system became hung. 130.698396 watchdog: BUG: Soft lockup – CPU6 got stuck for 26 seconds!...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: smb: client: fixed a potential deadlock that could occur when reconnecting channels. Fixed the function cifssignalcifsdforreconnect to follow the correct lock order and prevent the following deadlock from occurring:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: TCP: fixed page frag corruption upon a page fault. Steffen reported a corruption of the TCP stream for HTTP requests served by the Apache web-server, using a CIFS mount-point and the corresponding file’s memory mapping. The root...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/rxe: Fixed a NULLptrderef in rxeqpdocleanup, when socket creation fails. There is a NULLptrderef in the mount.cifs operation over RDMA: - BUG: KASAN: NULLptrderef in rxeqpdocleanup+0x2f3/0x360 rdmarxe - Reading of a 8-byt...
Astra Linux – Vulnerability in cifs-utils
In cifs-utils up to version 6.14, a stack-based buffer overflow occurs when parsing the mount.cifs ip= command-line argument. This vulnerability could allow local attackers to gain root privileges...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: cifs: Fixed a UAF in cifsdemultiplexthread There is a UAF when performing xfstests on cifs: BUG: KASAN: Use-after-free in smb2isnetworknamedeleted+0x27/0x160 Reading a size 4 value at address ffff88810103fc08 by task cifsd/923...
Astra Linux – Vulnerability in Linux 5.10
A vulnerability has been discovered in the Linux kernel. It has been rated as problematic. The affected component is the sessfreebuffer function in the fs/cifs/sess.c file of the CIFS Handler module. This vulnerability can lead to double-free operations. It is recommended that patches be applied ...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed a potential Use-after-Allocation UAF in cifsstatsprocwrite. Skipped sessions that are being terminated status == SESEXITING to avoid UAF...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed a potential Use-after-Allocation UAF in cifsstatsprocshow. Skipped sessions that are being terminated status == SESEXITING to avoid UAF...
Astra Linux – Vulnerability in Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: cifs: fixed a underflow issue in parseserverinterfaces. In this loop, we iterate through the buffer. After processing each item, we check whether the sizeleft is greater than the minimum size required. However, the problem arises...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: smb: client: fixed a use-after-free bug in cifsdebugdataprocShow Skipped SMB sessions that are being terminated e.g., @ses-sesstatus == SESEXITING in cifsdebugdataProcShow to avoid use-after-free issues with @ses. This fix...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed an oops due to uninitialized server-smbdconn during reconnection. In smbddestroy, the pointer to server-smbdconn is cleared after freeing the smbdconnection struct it points to, so that reconnection won’t be confused...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: The binding mark of a reused connection was unset. Steve French reported a null pointer dereference error from the sha256 library. The cifs.ko module can send session setup requests using a reused connection. If a reuse...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed the xid leak in cifssesaddchannel Before returning, it is necessary to free the xid; otherwise, the xid will be leaked...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: cifs: fixed the potential use of a null pointer in destroyworkqueue within the error path of initcifs. Dan Carpenter reported a Smack static checker warning: fs/smb/client/cifsfs.c:1981 initcifs Error: We previously assumed th...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fixed an out-of-bounds read in cifssanitizeprepath. When cifssanitizeprepath is called with an empty string or a string containing only delimiters e.g., /, the current logic attempts to check cursor2 - 1 before...