36 matches found

Tenable Nessus
added 4 days ago | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-12505

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a...

7.8 CVSS | 6 AI score | 0.00119 EPSS
Exploits: 0 | References: 4

OSV
added 5 days ago | 3 views

UBUNTU-CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helpe...

7.8 CVSS | 5.8 AI score | 0.00119 EPSS
Exploits: 0 | References: 2

NVD
added 6 days ago | 12 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8 CVSS | 0.00119 EPSS
Exploits: 0 | References: 3

GithubExploit
added 2026/06/03 12:15 a.m. | 163 views

Exploit for CVE-2026-46243

cifswitch-check A shell script to check whether a Linux syste...

7.8 CVSS | 6 AI score | 0.0031 EPSS
Exploits: 4

Tenable Nessus
added 2026/05/22 12:00 a.m. | 6 views

Unity Linux 20.1060e / 20.1070e Security Update: cifs-utils (UTSA-2026-016660)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016660 advisory. A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host...

6.1 CVSS | 6.6 AI score | 0.00642 EPSS
Exploits: 0 | References: 4

OSV
added 2026/05/05 9:10 p.m. | 4 views

CLSA-2026-1778015406 cifs-utils: Fix of CVE-2022-29869

CVE-2022-29869: avoid leaking sensitive credential file content via verbose stderr in mount.cifs option parsing...

5.3 CVSS | 6.7 AI score | 0.01804 EPSS
Exploits: 0 | References: 1

AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux – Vulnerability in cifs-utils

In cifs-utils up to version 6.14, a stack-based buffer overflow occurs when parsing the mount.cifs ip= command-line argument. This vulnerability could allow local attackers to gain root privileges...

7.8 CVSS | 7.6 AI score | 0.00557 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux – Vulnerability in cifs-utils

cifs-utils from version 6.14 onwards, with verbose logging, can cause an information leak when a file contains equal sign characters but is not a valid credentials file...

5.3 CVSS | 6.4 AI score | 0.01804 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2026/04/30 12:00 a.m. | 3 views

Amazon Linux 2023 : cifs-utils, cifs-utils-devel, cifs-utils-info (ALAS2023-2026-1597)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1597 advisory. A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. Thi...

5.9 CVSS | 5.8 AI score | 0.00137 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/14 12:00 a.m. | 4 views

MiracleLinux 4 : cifs-utils-4.8.1-10.AXS4 (AXSA:2012-595:02)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-595:02 advisory. The SMB/CIFS protocol is a standard file sharing protocol widely deployed on Microsoft Windows machines. This package contains tools for mounting shares on...

2.1 CVSS | 7.1 AI score | 0.00729 EPSS
Exploits: 0 | References: 2

OSV
added 2025/08/07 9:24 a.m. | 5 views

USN-7688-1 cifs-utils vulnerabilities

Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a password. In certain environments, a local attacker could possibly use this issue to escalate privileges. (CVE-2020-14342) It was discovered that cifs-utils incorrectly used host credentials when mounting a krb5 CIFS file...

7.8 CVSS | 6.9 AI score | 0.01804 EPSS
Exploits: 1 | References: 5

SUSE Linux
added 2025/04/28 7:37 a.m. | 0 views

Security update for cifs-utils

This update for cifs-utils fixes the following issues: CVE-2025-2312: Fixed cifs.upcall making an upcall to the wrong namespace in containerized environments while trying to get Kerberos credentials bsc1239680 Patch Instructions: To install this SUSE update use the SUSE recommended installation...

6.5 CVSS | 9.5 AI score | 0.00137 EPSS
Exploits: 0 | References: 4

OSV
added 2025/03/25 6:15 p.m. | 5 views

UBUNTU-CVE-2025-2312

A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache...

5.9 CVSS | 6.8 AI score | 0.00137 EPSS
Exploits: 0 | References: 36

Rockylinux
added 2025/03/17 8:16 p.m. | 6 views

cifs-utils bug fix and enhancement update

An update is available for cifs-utils. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9...

6.8 AI score
Exploits: 0

Amazon
added 2024/02/19 12:00 a.m. | 2 views

Important: cifs-utils

Issue Overview: A stack-based buffer overflow issue was found in cifs-utils. Parsing the mount.cifs ip command-line argument can lead to local attackers gaining root privileges. (CVE-2022-27239) A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be...

7.8 CVSS | 6.5 AI score | 0.01804 EPSS
Exploits: 0

SUSE CVE
added 2023/02/15 5:47 a.m. | 2 views

SUSE CVE-2012-1586

mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message...

2.1 CVSS | 6.7 AI score | 0.00729 EPSS
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 5:29 a.m. | 3 views

SUSE CVE-2014-2830

Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors...

10 CVSS | 7.8 AI score | 0.05178 EPSS
Exploits: 1 | References: 3

SUSE CVE
added 2023/02/15 3:57 a.m. | 3 views

SUSE CVE-2020-14342

It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges...

4.4 CVSS | 7.2 AI score | 0.00652 EPSS
Exploits: 1 | References: 15

SUSE CVE
added 2023/02/15 3:26 a.m. | 2 views

SUSE CVE-2022-27239

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges...

6.7 CVSS | 7.8 AI score | 0.00557 EPSS
Exploits: 0 | References: 22

Microsoft CVE
added 2022/05/07 7:00 a.m. | 3 views

cifs-utils through 6.14 with verbose logging can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.

...

5.3 CVSS | 6.4 AI score | 0.01804 EPSS
Exploits: 0