Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed the use-of-free issue in session logout. The sess-user object may currently be used by another thread. For example, if another connection sends a session setup request to make the session available for use. The handl...

CVE-2026-31478

A flaw was found in ksmbd within the Linux kernel. This vulnerability occurs due to an incorrect calculation of the response buffer length in the smb2calcmaxoutbuflen function. The function used a hardcoded value instead of the proper offset, which could lead to issues in how response buffers are...

CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2len with offsetof in smb2calcmaxoutbuflen After this commit e2b76ab8b5c9 "ksmbd: add support for read compound", response buffer management was changed to use dynamic iov array. In the new design,...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010702)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010702 advisory. An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of- bounds read and OOPS for SMB2WRITE, when there is a large...

CVE-2023-54250 ksmbd: avoid out of bounds access in decode_preauth_ctxt()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decodepreauthctxt Confirm that the accessed pnegctxt-HashAlgorithms address sits within the SMB request boundary; deassemblenegcontexts only checks that the eight byte smb2negcontext header +...

EUVD-2023-42915

Malicious code in bioql PyPI...

EUVD-2025-26503

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-32255

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Linux kernel's ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type,...

CVE-2025-38561

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix PreauhHashValue race condition If client send multiple session setup requests to ksmbd, PreauhHashValue race condition could happen. There is no need to free sess-PreauhHashValue at session setup phase. It can be freed...

Linux Distros Unpatched Vulnerability : CVE-2021-45100

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This...

Linux Distros Unpatched Vulnerability : CVE-2022-47941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2handlenegotiate error...

DEBIAN-CVE-2023-32253

A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a denial of service...

UBUNTU-CVE-2023-32255

A flaw was found in the Linux kernel's ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type, potentially leading to resource exhaustion...

UBUNTU-CVE-2023-32253

A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a denial of service...

DEBIAN-CVE-2023-32256

A flaw was found in the Linux kernel's ksmbd component. A race condition between smb2 close operation and logoff in multichannel connections could result in a use-after-free issue...

UBUNTU-CVE-2023-32256

A flaw was found in the Linux kernel's ksmbd component. A race condition between smb2 close operation and logoff in multichannel connections could result in a use-after-free issue...

CVE-2023-32251

A vulnerability has been identified in the Linux kernel's ksmbd component kernel SMB/CIFS server. A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the...

DEBIAN-CVE-2023-32251

A vulnerability has been identified in the Linux kernel's ksmbd component kernel SMB/CIFS server. A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the...

CVE-2025-38092 ksmbd: use list_first_entry_or_null for opinfo_get_list()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use listfirstentryornull for opinfogetlist The listfirstentry macro never returns NULL. If the list is empty then it returns an invalid pointer. Use listfirstentryornull to check if the list is empty...

CVE-2025-22041 ksmbd: fix use-after-free in ksmbd_sessions_deregister()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbdsessionsderegister In multichannel mode, UAF issue can occur in sessionderegister when the second channel sets up a session through the connection of the first channel. session that is freed...