49 matches found
USN-8496-3 cifs-utils vulnerability
USN-8496-1 fixed vulnerabilities in cifs-utils. The update caused a regression and was backed out in USN-8496-2. This update reintroduces the security fix, along with a fix for the regression. Original advisory details: It was discovered that cifs-utils incorrectly dropped root privileges before...
TencentOS Server 4: cifs-utils (TSSA-2026:0552)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0552 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Fedora 45 : cifs-utils (2026-90dbff48ca)
The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-90dbff48ca advisory. Automatic update for cifs-utils-7.6-2.fc45. Changelog Mon Jul 6 2026 Paulo Alcantara - 7.6-2 - cifs.upcall: fix regression with kerberos mounts - Resolves:...
RockyLinux 10 : cifs-utils (RLSA-2026:32990)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:32990 advisory. cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall CVE-2026-12505 Tenable has extracted the preceding description bloc...
RLSA-2026:32990 Important: cifs-utils security update
The SMB/CIFS protocol is a standard file sharing protocol widely deployed on Microsoft Windows machines. The cifs-utils packages contain tools for mounting shares on Linux using the SMB/CIFS protocol. The tools in this package work in conjunction with support in the kernel to allow one to mount a...
cifs-utils security update
An update is available for cifs-utils. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The SMB/CIFS protocol is a standard file sharing protocol widely deployed...
USN-8496-2 cifs-utils regression
USN-8496-1 fixed a vulnerability in cifs-utils. Unfortunately, the fix introduced a regression with Kerberos mounts. This update reverts the security update until a complete fix is available. We apologize for the inconvenience. Original advisory details: It was discovered that cifs-utils...
RHSA-2026:32990 Red Hat Security Advisory: cifs-utils security update
Bulletin has no description...
Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall
...
cifs-utils bug fix and enhancement update
An update is available for cifs-utils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 8...
Linux Distros Unpatched Vulnerability : CVE-2026-12505
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a...
CVE-2026-12505
A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...
UBUNTU-CVE-2026-12505
A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...
CVE-2026-12505
A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...
CVE-2026-12505
A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...
PT-2026-50619
Name of the Vulnerable Software and Affected Versions cifs-utils affected versions not specified Description A flaw exists in the cifs.upcall helper that fails to securely drop root privileges before performing user information lookups within a user-controlled environment. A local, low-privileged...
Exploit for CVE-2026-46243
cifswitch-check A shell script to check whether a Linux syste...
Unity Linux 20.1060e / 20.1070e Security Update: cifs-utils (UTSA-2026-016660)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016660 advisory. A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host...
Astra Linux – Vulnerability in cifs-utils
cifs-utils from version 6.14 onwards, with verbose logging, can cause an information leak when a file contains equal sign characters but is not a valid credentials file...
Astra Linux – Vulnerability in cifs-utils
In cifs-utils up to version 6.14, a stack-based buffer overflow occurs when parsing the mount.cifs ip= command-line argument. This vulnerability could allow local attackers to gain root privileges...