712 matches found
CVE-2026-31538 smb: server: make use of smbdirect_socket.recv_io.credits.available
In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirectsocket.recvio.credits.available The logic off managing recv credits by counting posted recvio and granted credits is racy. That's because the peer might already consumed a credit, but between...
CVE-2026-31537
In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirectsocket.sendio.bcredits It turns out that our code will corrupt the stream of reassabled data transfer messages when we trigger an immendiate empty send. In order to fix this we'll have a single...
CVE-2026-31537 smb: server: make use of smbdirect_socket.send_io.bcredits
In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirectsocket.sendio.bcredits It turns out that our code will corrupt the stream of reassabled data transfer messages when we trigger an immendiate empty send. In order to fix this we'll have a single...
EUVD-2026-25429
In the Linux kernel, the following vulnerability has been resolved: smb: server: let senddone handle a completion without IBSENDSIGNALED With smbdirectsendbatch processing we likely have requests without IBSENDSIGNALED, which will be destroyed in the final request that has IBSENDSIGNALED set. If...
CVE-2026-31536
In the Linux kernel, the following vulnerability has been resolved: smb: server: let senddone handle a completion without IBSENDSIGNALED With smbdirectsendbatch processing we likely have requests without IBSENDSIGNALED, which will be destroyed in the final request that has IBSENDSIGNALED set. If...
CVE-2026-31537
In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirectsocket.sendio.bcredits It turns out that our code will corrupt the stream of reassabled data transfer messages when we trigger an immendiate empty send. In order to fix this we'll have a single...
CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED
In the Linux kernel, the following vulnerability has been resolved: smb: server: let senddone handle a completion without IBSENDSIGNALED With smbdirectsendbatch processing we likely have requests without IBSENDSIGNALED, which will be destroyed in the final request that has IBSENDSIGNALED set. If...
CVE-2026-31536
The vulnerability CVE-2026-31536 affects the Linux kernel SMB direct server implementation. In smb: server: let send_done handle a completion without IB_SEND_SIGNALED, during smbdirect_send_batch processing requests may be processed without IB_SEND_SIGNALED and could be destroyed in the final req...
CVE-2026-31537
In the Linux kernel SMB server, CVE-2026-31537 arises from improper handling of smbdirect_socket.send_io.bcredits, which can corrupt the stream of reassembled data transfer messages when triggering an immediate (empty) send. The fix introduces a single batch credit per connection; code obtaining ...
CVE-2026-31537 smb: server: make use of smbdirect_socket.send_io.bcredits
In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirectsocket.sendio.bcredits It turns out that our code will corrupt the stream of reassabled data transfer messages when we trigger an immendiate empty send. In order to fix this we'll have a single...
PT-2026-34890
In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirect socket.recv io.credits.available The logic off managing recv credits by counting posted recv io and granted credits is racy. That's because the peer might already consumed a credit, but between...
PT-2026-34889
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the SMB server implementation causes corruption of the stream of reassembled data transfer messages when an immediate empty send is triggered. This occurs due to the improper...
PT-2026-34888
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the SMB server component where the send done function needs to handle completions that lack the IB SEND SIGNALED flag. During smbdirect send batch processing, requests...
SUSE SLES15 Security Update : kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2026:1274-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1274-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.84 fixes various security issues The following security issues were fixed: -...
SUSE CVE-2026-23428
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of shareconf in compound request smb2getksmbdtcon reuses work-tcon in compound requests without validating tcon-tstate. ksmbdtreeconnlookup checks tstate == TREECONNECTED on the initial lookup path, but...
ROS-20260403-73-0003
A vulnerability in the ksmbdsessionrpcopen function in the fs/smb/server/mgmt/usersession.c module of the Linux kernel SMB server support is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an attacker to affect confidentiality, integrity and availabili...
CVE-2026-24294
Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally...
CVE-2026-23364
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp with the correct function, cryptomemneq...
ROS-20260324-73-0001
A vulnerability in the smb2sesssetup function in the fs/smb/server/smb2pdu.c module of the Linux kernel SMB server support is related to synchronization errors when using a shared resource. Exploitation of the vulnerability may allow a remote attacker to affect confidentiality, integrity and...
ROS-20260323-73-0030
A vulnerability in the smb2setea function of the fs/smb/server/smb2pdu.c module of the Linux kernel SMB server support is related to buffer copying without checking the size of the input data classic buffer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of...