SUSE CVE-2026-46185

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in symlinkdata Since smb2checkmessage returns success without length validation for the symlink error response, in symlinkdata it is possible for iov-iovlen to be smaller than sizeofstruct...

EUVD-2026-32812

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in symlinkdata Since smb2checkmessage returns success without length validation for the symlink error response, in symlinkdata it is possible for iov-iovlen to be smaller than sizeofstruct...

CVE-2026-45972

The CVE-2026-45972 issue affects the Linux kernel SMB client, specifically smb2_open_file(), where improper handling could lead to memory corruption (UAF) or a double free during SMB2_open() retries. The fixed description states that zeroing err_iov and err_buftype before retrying SMB2_open() pre...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed an issue where shareconf was freed after use, in compound requests. smb2getksmbdtcon reuses work-tcon in compound requests without validating tcon-tstate. ksmbdtreeconnlookup checks that tstate is TREECONNECTED...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Added freetransport operations in ksmbd connections. The freetransport function for TCP connections can be called from smbdirect. This can lead to a kernel oops. This patch adds freetransport operations in ksmbd connection...

Astra Linux - уязвимость в linux-5.15

A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw occurs during the processing of SMB2SESSIONSETUP and SMB2LOGOFF commands. The issue arises due to the lack of proper locking when performing operations on an object. An...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: smb: client: fixed a potential UAF in smb2closecachedfid findorcreatecacheddir could acquire a new reference after krefput The issue was observed when the refcount dropped to zero, but before cfidlistlock was acquired. In...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed a use-after-free in the durable v2 replay of active file handles. In the parsedurablehandle function, dhinfo-fp-conn is assigned unconditionally to the current connection when handling a DURABLEREQV2 context with...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The “binding mark” of a reused connection was unset. Steve French reported a null pointer dereference error from the sha256 lib.cifs.ko library. The cifs.ko library can send session setup requests on reused connections. If...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: smb: client: fixed a potential deadlock that could occur when reconnecting channels. Fixed the function cifssignalcifsdforreconnect to take the correct lock order and prevent the following deadlock from occurring:...

Astra Linux - уязвимость в linux-5.15

A issue was discovered in the Linux kernel before version 6.3.9. ksmbd does not validate the SMB request protocol ID, resulting in an out-of-bounds read...

Astra Linux - уязвимость в linux-5.15

A issue was discovered in the Linux kernel before version 6.3.10. The file fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, resulting in a out-of-bounds read...

Astra Linux - уязвимость в linux-5.15

A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw resides in the handling of SMB2SESSIONSETUP commands. The problem arises due to a lack of control over resource consumption. An attacker can exploit this vulnerability to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Validates the owner of the durable handle upon reconnection. Currently, ksmbd does not verify whether the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any...

Eternalblue-ms17-010-lab

01-EternalBlue-MS17-010-README.mdhttps://github.com/user-atta...

EUVD-2026-28668

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2write SMB2write places write payload in iov1..n as part of rqiov. smb3inittransformrq pointer-shares rqiov, so cryptmessage encrypts iov1 in-place, replacing the original...

UBUNTU-CVE-2026-43362

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2write SMB2write places write payload in iov1..n as part of rqiov. smb3inittransformrq pointer-shares rqiov, so cryptmessage encrypts iov1 in-place, replacing the original...

CVE-2026-43378

In the Linux kernel, the following vulnerability has been resolved: smb: server: fix use-after-free in smb2open The opinfo pointer obtained via rcudereferencefp-fopinfo is dereferenced after rcureadunlock, creating a use-after-free window...

CVE-2026-43362 smb: client: fix in-place encryption corruption in SMB2_write()

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2write SMB2write places write payload in iov1..n as part of rqiov. smb3inittransformrq pointer-shares rqiov, so cryptmessage encrypts iov1 in-place, replacing the original...

PT-2026-39040

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the smb lazy parent lease break close function. The opinfo pointer, obtained via rcu dereferencefp-f opinfo, is accessed after rcu read unlock is called...