kernel: smb: client: validate the whole DACL before rewriting it in cifsacl

A flaw was found in the Linux kernel's Server Message Block SMB client, specifically within the cifsacl functionality. A malicious SMB server could provide a malformed Discretionary Access Control List DACL that claims to contain more Access Control Entries ACEs than are actually present. This...

CVE-2026-46195

In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before building DACL pointers parsesecdesc, buildsecdesc, and the chown path in idmodetocifsacl all add the server-supplied dacloffset to pntsd before proving a DACL header fits inside the returne...

UBUNTU-CVE-2026-46185

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in symlinkdata Since smb2checkmessage returns success without length validation for the symlink error response, in symlinkdata it is possible for iov-iovlen to be smaller than sizeofstruct...

UBUNTU-CVE-2026-46155

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...

CVE-2026-46185

The CVE-2026-46185 issue affects the Linux kernel SMB client. The root cause is insufficient length validation in smb2_check_message() when processing symlink error responses, allowing a symlink_data() path to read beyond the buffer if iov_len is smaller than the 64-byte SMB2 header and accessing...

EUVD-2026-32812

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in symlinkdata Since smb2checkmessage returns success without length validation for the symlink error response, in symlinkdata it is possible for iov-iovlen to be smaller than sizeofstruct...

CVE-2026-46185

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in symlinkdata Since smb2checkmessage returns success without length validation for the symlink error response, in symlinkdata it is possible for iov-iovlen to be smaller than sizeofstruct...

CVE-2026-46185

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in symlinkdata Since smb2checkmessage returns success without length validation for the symlink error response, in symlinkdata it is possible for iov-iovlen to be smaller than sizeofstruct...

CVE-2026-46155 smb/client: fix out-of-bounds read in smb2_compound_op()

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...

CVE-2026-46155

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...

CVE-2026-46155

CVE-2026-46155 affects the Linux kernel SMB client. The vulnerability is an out-of-bounds read in smb2_compound_op() caused by memcpy reading size[0] (OutputBufferLength) when iov_len is smaller than that length after a truncated server response. This can leak adjacent kernel heap memory. Impact ...

EUVD-2026-32766

In the Linux kernel, the following vulnerability has been resolved: smb: client: use kzalloc to zero-initialize security descriptor buffer Commit 62e7dd0a39c2d "smb: common: change the data type of numaces to le16" split struct smbacl's le32 numaces field into le16 numaces and le16 reserved. The...

CVE-2024-47097

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVE-2024-47097

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...

EUVD-2024-55603

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...

net: caif: clear client service pointer on teardown

...

CVE-2026-9798

A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client credentials can exploit the Client-Initiated Backchannel Authentication CIBA flow to bypass this...

CVE-2026-9803

A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an...

CVE-2026-9795

A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...