kernel: smb: client: validate the whole DACL before rewriting it in cifsacl

A flaw was found in the Linux kernel's Server Message Block SMB client, specifically within the cifsacl functionality. A malicious SMB server could provide a malformed Discretionary Access Control List DACL that claims to contain more Access Control Entries ACEs than are actually present. This...

kernel: smb: client: validate the whole DACL before rewriting it in cifsacl

A flaw was found in the Linux kernel's Server Message Block SMB client, specifically within the cifsacl functionality. A malicious SMB server could provide a malformed Discretionary Access Control List DACL that claims to contain more Access Control Entries ACEs than are actually present. This...

smb: client: validate dacloffset before building DACL pointers

...

kernel: smb: client: validate the whole DACL before rewriting it in cifsacl

A flaw was found in the Linux kernel's Server Message Block SMB client, specifically within the cifsacl functionality. A malicious SMB server could provide a malformed Discretionary Access Control List DACL that claims to contain more Access Control Entries ACEs than are actually present. This...

CVE-2026-46195

The CVE-2026-46195 entry concerns a Linux kernel SMB client vulnerability. 32-bit servers can supply a crafted dacloffset that wraps a DACL pointer, allowing dereferencing of DACL fields during chmod/chown if validated only after pointer arithmetic. The flaw occurs in parse_sec_desc(), build_sec_...

EUVD-2026-30503

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length smbinheritdacl walks the parent directory DACL loaded from the security descriptor xattr. It verifies that each ACE contains the fixed SID header before using it, but does not verify that...

EUVD-2019-9880

Malware in sbrugna...

CVE-2019-1321

An elevation of privilege vulnerability exists when Windows CloudStore improperly handles file Discretionary Access Control List DACL, aka 'Microsoft Windows CloudStore Elevation of Privilege Vulnerability'...

CVE-2022-21839

Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability...

CVE-2022-21839 Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability

...

Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability

...

CVE-2021-26333

An information disclosure vulnerability exists in AMD Platform Security Processor PSP chipset driver. The discretionary access control list DACL may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages...

CVE-2021-26333 AMD Chipset Driver Information Disclosure Vulnerability

An information disclosure vulnerability exists in AMD Platform Security Processor PSP chipset driver. The discretionary access control list DACL may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages...

Microsoft Windows CloudStore Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows CloudStore improperly handles file Discretionary Access Control List DACL. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. To exploit this vulnerability, an attacke...

SandboxEscaper Debuts ByeBear Windows Patch Bypass

Guerrilla developer SandboxEscaper has disclosed a second bypass exploit for a patch that fixes a Windows local privilege-escalation LPE flaw — again without notifying Microsoft. The exploit, dubbed “ByeBear,” enables attackers to get past the patch to attack a permissions-overwrite,...

Microsoft Windows (x84) - Task Scheduler (.job) Import Arbitrary Discretionary Access Control List

Exploit for windows platform in category local exploits Microsoft Windows x84 - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation Task Scheduler .job import arbitrary DACL write Tested on: Windows 10 32-bit Bug information: There are two...

Did the “Man With No Name” Feel Insecure?

Posted by James Forshaw, Taker of Names Sometimes when I'm doing security research I'll come across a bug which surprises me. I discovered just such a bug in the Windows version of Chrome which exposed a little-known security detail in the OS. The bug, CVE-2014-3196 was fixed in M38, so it seemed...

CVE-2007-2110

Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL Discretionary Acce...