22 matches found
SUSE CVE-2026-46195
In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before building DACL pointers. parse_sec_desc(), build_sec_desc(), and the chown path in id_mode_to_cifs_acl() all add the server-supplied dacloffset to pntsd before proving a DACL header fits inside the returne...
kernel: smb: client: validate dacloffset before building DACL pointers
A flaw was found in the Linux kernel's Server Message Block (SMB) client. A malicious server can exploit this vulnerability on 32-bit systems by providing a crafted dacloffset value. This can cause a pointer wrap, leading to the dereferencing of invalid Discretionary Access Control List (DACL) fields...
CVE-2026-46195
In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before building DACL pointers. parse_sec_desc(), build_sec_desc(), and the chown path in id_mode_to_cifs_acl() all add the server-supplied dacloffset to pntsd before proving a DACL header fits inside the returne...
UBUNTU-CVE-2026-46195
In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before building DACL pointers. parse_sec_desc(), build_sec_desc(), and the chown path in id_mode_to_cifs_acl() all add the server-supplied dacloffset to pntsd before proving a DACL header fits inside the returne...
CVE-2026-46195 smb: client: validate dacloffset before building DACL pointers
In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before building DACL pointers. parse_sec_desc(), build_sec_desc(), and the chown path in id_mode_to_cifs_acl() all add the server-supplied dacloffset to pntsd before proving a DACL header fits inside the returne...
CVE-2026-46195
In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before building DACL pointers. parse_sec_desc(), build_sec_desc(), and the chown path in id_mode_to_cifs_acl() all add the server-supplied dacloffset to pntsd before proving a DACL header fits inside the returne...
CVE-2026-46195
The CVE-2026-46195 entry concerns a Linux kernel SMB client vulnerability. 32-bit servers can supply a crafted dacloffset that wraps a DACL pointer, allowing dereferencing of DACL fields during chmod/chown if validated only after pointer arithmetic. The flaw occurs in parse_sec_desc(), build_sec_...
kernel: smb: client: validate dacloffset before building DACL pointers
A flaw was found in the Linux kernel's Server Message Block (SMB) client. A malicious server can exploit this vulnerability on 32-bit systems by providing a crafted dacloffset value. This can cause a pointer wrap, leading to the dereferencing of invalid Discretionary Access Control List (DACL) fields...
kernel: smb: client: validate dacloffset before building DACL pointers
A flaw was found in the Linux kernel's Server Message Block (SMB) client. A malicious server can exploit this vulnerability on 32-bit systems by providing a crafted dacloffset value. This can cause a pointer wrap, leading to the dereferencing of invalid Discretionary Access Control List (DACL) fields...
PT-2026-44318
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the SMB client where the server-supplied dacloffset is added to pntsd before verifying if a DACL header fits within the returned security descriptor. On 32-bit builds,...
Linux kernel security vulnerability
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of validation of the dacloffset value in the smb client. Malicious servers can return a...
EUVD-2025-11246
Malicious code in bioql PyPI...
ksmbd: fix overflow in dacloffset bounds check
...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed an overflow issue in the bounds check of the dacloffset field. The dacloffset field was originally defined as an int type and was used in an unchecked addition operation. This could lead to an overflow condition,...
SUSE CVE-2025-22039
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix overflow in dacloffset bounds check. The dacloffset field was originally typed as int and used in an unchecked addition, which could overflow and bypass the existing bounds check in both smb_check_perm_dacl() and...
DEBIAN-CVE-2025-22039
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix overflow in dacloffset bounds check. The dacloffset field was originally typed as int and used in an unchecked addition, which could overflow and bypass the existing bounds check in both smb_check_perm_dacl() and...
CVE-2025-22039
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix overflow in dacloffset bounds check. The dacloffset field was originally typed as int and used in an unchecked addition, which could overflow and bypass the existing bounds check in both smb_check_perm_dacl() and...
UBUNTU-CVE-2025-22039
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix overflow in dacloffset bounds check. The dacloffset field was originally typed as int and used in an unchecked addition, which could overflow and bypass the existing bounds check in both smb_check_perm_dacl() and...
CVE-2025-22039 ksmbd: fix overflow in dacloffset bounds check
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix overflow in dacloffset bounds check. The dacloffset field was originally typed as int and used in an unchecked addition, which could overflow and bypass the existing bounds check in both smb_check_perm_dacl() and...
CVE-2025-22039
CVE-2025-22039 is a Linux kernel vulnerability in ksmbd where an overflow in the dacloffset bounds check could bypass the DACL checks, causing out-of-bounds access and a kernel crash when dereferencing a DACL pointer. The fix converts dacloffset from int to unsigned int and uses check_add_overflo...