Lucene search
K

36 matches found

RedHat Linux
RedHat Linux
added 2026/06/30 11:30 a.m.5 views

kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions

A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...

7.8CVSS6.7AI score0.00353EPSS
Exploits4References7
Amazon
Amazon
added 2026/06/22 12:0 a.m.5 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon...

7.8CVSS5.7AI score0.00353EPSS
Exploits4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

A flaw was discovered in the handling of SMB2 read requests within the kernel’s ksmbd module. The issue arises due to the lack of proper validation of user-provided data, which can lead to reading data beyond the end of an allocated buffer. An attacker can exploit this vulnerability to disclose...

7.5CVSS7AI score0.01095EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/30 11:47 a.m.7 views

EUVD-2026-26367

In the Linux kernel, the following vulnerability has been resolved: cifs: some missing initializations on replay In several places in the code, we have a label to signify the start of the code where a request can be replayed if necessary. However, some of these places were missing the necessary...

5.5AI score0.00129EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/30 11:47 a.m.4 views

CVE-2026-31693

In the Linux kernel, the following vulnerability has been resolved: cifs: some missing initializations on replay In several places in the code, we have a label to signify the start of the code where a request can be replayed if necessary. However, some of these places were missing the necessary...

7.8CVSS5.6AI score0.00129EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.6 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006803)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006803 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifsdebugdataprocshow Skip SMB sessions that are being...

7.8CVSS6.2AI score0.00246EPSS
Exploits0References3
OSV
OSV
added 2026/01/19 12:0 a.m.8 views

ALSA-2026:0760 Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: smb: client: Fix use-after-free in cifsfilldirent CVE-2025-38051 kernel: smb: client: let recvdone verify dataoffset, datalength a...

7.8CVSS7.2AI score0.00183EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001859)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001859 advisory. The SMB2tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service NULL pointer dereference and...

7.8CVSS6.2AI score0.03725EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002329)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002329 advisory. The cifsiovecwrite function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requeste...

7.2CVSS7AI score0.00414EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000296)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000296 advisory. An issue was discovered in the Linux kernel before 5.0.10. SMB2read in fs/cifs/smb2pdu.c has a use-after- free. NOTE: this was not fixed correctly in 5.0.10; see the...

4.3CVSS6.5AI score0.01767EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2025/12/30 1:16 p.m.3 views

CVE-2023-54260

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix lost destroy smbd connection when MR allocate failed If the MR allocate failed, the smb direct connection info is NULL, then smbddestroy will directly return, then the connection info will be leaked. Let's set the smb...

5.9AI score0.00173EPSS
Exploits0References9
OSV
OSV
added 2025/12/09 1:16 a.m.5 views

DEBIAN-CVE-2023-53794

In the Linux kernel, the following vulnerability has been resolved: cifs: fix session state check in reconnect to avoid use-after-free issue Don't collect exiting session in smb2reconnectserver, because it will be released soon. Note that the exiting session will stay in server-smbseslist until i...

5.3AI score0.00172EPSS
Exploits0References1
OSV
OSV
added 2025/12/08 2:15 a.m.12 views

UBUNTU-CVE-2023-53751

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential use-after-free bugs in TCPServerInfo::hostname TCPServerInfo::hostname may be updated once or many times during reconnect, so protect its access outside reconnect path as well and then prevent any potential...

5.7AI score0.00162EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/10/14 12:0 a.m.4 views

PT-2025-42062

Name of the Vulnerable Software and Affected Versions Windows versions affected versions not specified Description An issue exists in the Windows SMB Server component related to improper access control. Exploitation of this issue can allow an attacker to elevate privileges over a network. This ca...

7.5CVSS9.4AI score0.00978EPSS
Exploits0References24
OSV
OSV
added 2025/10/04 4:15 p.m.8 views

UBUNTU-CVE-2023-53597

In the Linux kernel, the following vulnerability has been resolved: cifs: fix mid leak during reconnection after timeout threshold When the number of responses with status of STATUSIOTIMEOUT exceeds a specified threshold NUMSTATUSIOTIMEOUT, we reconnect the connection. But we do not return the mi...

5.5CVSS5.7AI score0.00136EPSS
Exploits0References7
CVE
CVE
added 2025/08/16 11:12 a.m.42 views

CVE-2025-38523

The CVE-2025-38523 issue affects the Linux kernel CIFS client/server path (smbd_recv/smbd_readv) where data copied from the smbd_response slab via copy_to_iter() could trigger kernel memory exposure when CONFIG_HARDENED_USERCOPY is enabled. The root cause is that the smbd_response slab’s packet f...

5.5CVSS6.8AI score0.00143EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2025-37844

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: cifs: avoid NULL pointer dereference in dbg call cifsserverdbg implies server to be non-NULL...

5.5CVSS6.2AI score0.00241EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2025/08/07 7:0 a.m.2 views

smb: client: fix potential deadlock when reconnecting channels

...

7CVSS7AI score0.00107EPSS
Exploits0
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.85 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed an integer overflow issue while processing the closetimeo mount option. The user-provided closetimeo mount parameter, of type u32, is intended to have an upper limit. However, before this limit is validated, the value...

5.5CVSS6.3AI score0.00179EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.1 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed an integer overflow during the processing of the acregmax mount option. The user-provided mount parameter acregmax, of type u32, is intended to have an upper limit. However, before it is validated, the value is...

5.5CVSS6.3AI score0.00178EPSS
Exploits0References3
Rows per page
Query Builder