Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: A use-after-free issue was fixed in smbbreakalllevIIoplock. There is a section within smbbreakalllevIIoplock that can cause race conditions when unlocking during the loop. This patch uses a read lock to protect the entire...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: smb/client: Avoid referencing rdata=NULL in smb2newreadreq. This occurs when calling from SMB2read while using rdma, and when reaching the rdmareadwritethreshold...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevents out-of-bounds stream writes by validating pos. The ksmbdvfsstreamwrite function did not validate whether the write offset pos was within the bounds of the existing stream data length vlen. If pos was greater than ...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: cifs: Fixed a buffer overflow issue when parsing NFS reparse points. ReparseDataLength is the sum of the InodeType size and the DataBuffer size. To obtain the DataBuffer size, it is necessary to subtract the InodeType size fro...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: smb3: Fixed temporary data corruption during the insert range operation. The insert range does not discard the affected cached data; therefore, there is a risk of temporarily corrupting file data. Some minor optimizations were...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: cifs: fix small mempool leak in SMB2negotiate In some cases of failure dialect mismatches in SMB2negotiate, after the request is sent, the checks would return -EIO when they should be rather setting rc = -EIO and jumping to negex...

Astra Linux – Vulnerability in Linux 5.15

A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw occurs during the handling of the SMB2TREECONNECT and SMB2QUERYINFO commands. The issue arises from the lack of proper validation of a pointer before accessing it. An...

smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path

...

CVE-2026-31712

A flaw was found in the ksmbd component of the Linux kernel. An authenticated Server Message Block SMB client with permissions to set an Access Control List ACL on a file can craft a malicious Discretionary Access Control List DACL. This crafted DACL, containing an undersized Access Control Entry...

CVE-2026-31710

A flaw was found in the Linux kernel's Server Message Block SMB client. When mounting SMB1 UNIX shares, the system may incorrectly handle directory separators. This issue arises because flags related to POSIX Access Control Lists ACLs and paths are not properly updated, leading to the use of an...

CVE-2026-31709

A flaw was found in the Linux kernel's Server Message Block SMB client, specifically within the cifsacl functionality. A malicious SMB server could provide a malformed Discretionary Access Control List DACL that claims to contain more Access Control Entries ACEs than are actually present. This...

CVE-2026-31708

A flaw was found in the Linux kernel's Server Message Block SMB client. A malicious server can exploit an out-of-bounds read vulnerability by manipulating the OutputBufferLength during a QUERYINFO operation. This can lead to the exposure of sensitive kernel memory to userspace, resulting in...

CVE-2026-31705

A flaw was found in the ksmbd component of the Linux kernel. This out-of-bounds write vulnerability occurs when processing Server Message Block SMB extended attribute EA information. Specifically, the smb2getea function performs an unconditional memory write for alignment padding without checking...

CVE-2026-31710 smb: client: fix dir separator in SMB1 UNIX mounts

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts When calling cifsmountgettcon with SMB1 UNIX mounts, @cifssb-mntcifsflags needs to be read or updated only after calling resetcifsunixcaps, otherwise it might end up with missing...

EUVD-2026-26519

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts When calling cifsmountgettcon with SMB1 UNIX mounts, @cifssb-mntcifsflags needs to be read or updated only after calling resetcifsunixcaps, otherwise it might end up with missing...

CVE-2026-31710

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts When calling cifsmountgettcon with SMB1 UNIX mounts, @cifssb-mntcifsflags needs to be read or updated only after calling resetcifsunixcaps, otherwise it might end up with missing...

CVE-2026-31709

In the Linux kernel SMB client (cifsacl), CVE-2026-31709 arises from insufficient validation of a server-provided DACL when rewriting security descriptors. The fix extends structural validation to ensure the DACL header, size, and per-ACE bounds are checked before any rewrite paths (replace_sids_...

CVE-2026-31708

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB read in smb2ioctlqueryinfo QUERYINFO path smb2ioctlqueryinfo has two response-copy branches: PASSTHRUFSCTL and the default QUERYINFO path. The QUERYINFO branch clamps qi.inputbufferlength to the server-report...

SUSE CVE-2026-6867

SMB2 protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an unchecked response buffer size in the QUERYINFO path of the smb2ioctlqueryinfo function. This...