
1834 matches found

BDU FSTEC
added 2025/05/15 12:0 a.m., 2 views

The vulnerability in the implementation of the Server Message Block (SMB) protocol in Windows operating systems allows a perpetrator to disclose protected information.

The vulnerability of the Server Message Block SMB protocol in Windows operating systems is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by the protocol...

CVSS 5.6 | AI score 8 | EPSS 0.008
Exploits: 0 | References: 3

OSV
added 2025/05/13 5:15 p.m., 2 views

CVE-2025-29956

Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network...

CVSS 5.4 | AI score 5.7 | EPSS 0.008
Exploits: 0 | References: 1

RedHat Linux
added 2025/05/13 8:28 a.m., 3 views

kernel: smb: client: fix possible double free in smb2_set_ea()

A double-free vulnerability exists in the Linux kernel SMB client. After the first successful memory allocation for 'ea', the second memory release for 'ea' will result in a double free, leading to loss of availability of the system...

CVSS 5.5 | AI score 7.3 | EPSS 0.00215
Exploits: 0 | References: 5

Amazon
added 2025/05/13 12:0 a.m., 3 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_dump_full_key (CVE-2024-35866). In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree...

CVSS 7.8 | AI score 7.9 | EPSS 0.00237
Exploits: 0

CNNVD
added 2025/05/13 12:0 a.m., 2 views

Microsoft Windows SMB Client security vulnerability

Microsoft Windows SMB Client is an SMB client from Microsoft Corporation (USA). A security vulnerability exists in Microsoft Windows SMB Client. An attacker exploiting this vulnerability could gain access to sensitive information. The following products and editions are...

CVSS 5.4 | AI score 8.3 | EPSS 0.008
Exploits: 0 | References: 2

Positive Technologies
added 2025/05/07 12:0 a.m., 7 views

PT-2025-22215

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A race condition in the Linux kernel's SMB client can occur when a pre-existing valid cfid returned from find_or_create_cached_dir might race with a lease break. This can cause open cach...

CVSS 5.5 | AI score 5.5 | EPSS 0.00149
Exploits: 0

OpenVAS
added 2025/05/07 12:0 a.m., 1 view

Do Not Enable the Samba Service

The daemon of Samba allows the system administrator to configure the Linux system to share file systems and directories with Windows systems. Samba publishes file systems and directories through the Server Message Block SMB protocol. Windows users will be able to mount these directories and file...

AI score 6.8
Exploits: 0 | References: 1

Metasploit
added 2025/05/06 6:54 p.m., 271 views

SMB to HTTP relay version of Get NAA Creds

This module creates an SMB server and then relays the credentials passed to it to SCCM's HTTP server aka Management Point to gain an authenticated connection. Once authenticated it then attempts to retrieve the Network Access Accounts, if configured, from the SCCM server. This requires a computer...

AI score 5.8
Exploits: 0

SUSE CVE
added 2025/05/02 2:3 a.m., 1 view

SUSE CVE-2025-37750

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 "smb: client: allocate crypto only for primary server" and commit b0abcd65ec54 "smb: client: fix UAF in async decryption", the channels started reusin...

CVSS 5.5 | AI score 7.6 | EPSS 0.00152
Exploits: 0 | References: 17

OSV
added 2025/05/01 2:15 p.m., 0 views

UBUNTU-CVE-2025-37778

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krb_authenticate. krb_authenticate frees sess->user and does not set the pointer to NULL. It calls ksmbd_krb5_authenticate to reinitialise sess->user but that function may return without doing so. If that...

CVSS 7.8 | AI score 6.2 | EPSS 0.00472
Exploits: 0 | References: 27

OSV
added 2025/05/01 1:15 p.m., 5 views

UBUNTU-CVE-2025-37750

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 "smb: client: allocate crypto only for primary server" and commit b0abcd65ec54 "smb: client: fix UAF in async decryption", the channels started reusin...

CVSS 7.8 | AI score 6.2 | EPSS 0.00152
Exploits: 0 | References: 19

CNNVD
added 2025/05/01 12:0 a.m., 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a use-after-free issue in multi-channel decryption in the SMB client...

CVSS 7.8 | AI score 6.5 | EPSS 0.00152
Exploits: 0 | References: 4

OSV
added 2025/04/24 4:26 p.m., 3 views

USN-7462-2 linux-aws-fips vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Network drivers; - File systems infrastructure; - Ext4 file system; - Network file system NFS server...

CVSS 7.8 | AI score 6.8 | EPSS 0.00276
Exploits: 0 | References: 15

OSV
added 2025/04/23 5:16 p.m., 3 views

CVE-2025-1048

Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw...

CVSS 8.8 | AI score 7.7 | EPSS 0.00498
Exploits: 0 | References: 1

CNNVD
added 2025/04/23 12:0 a.m., 2 views

Sonos Era 300 resource management error vulnerability

The Sonos Era 300 is a spatial audio speaker with Dolby Atmos from Sonos (USA). The Sonos Era 300 suffers from a resource management error vulnerability that originates from SMB data processing without verifying object existence, which could lead to use-after-free and remote code...

CVSS 8.8 | AI score 8.9 | EPSS 0.00498
Exploits: 0 | References: 2

SUSE CVE
added 2025/04/19 11:16 p.m., 1 view

SUSE CVE-2025-22077

In the Linux kernel, the following vulnerability has been resolved: Revert "smb: client: fix TCP timers deadlock after rmmod" This reverts commit e9f2517a3e18a54a3943c098d2226b245d488801. Commit e9f2517a3e18 "smb: client: fix TCP timers deadlock after rmmod" is intended to fix a null-ptr-deref in...

CVSS 5.5 | AI score 6.1 | EPSS 0.00122
Exploits: 0 | References: 9

CNNVD
added 2025/04/16 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from ksmbd not verifying that num_subauth is zero...

CVSS 7.1 | AI score 7.1 | EPSS 0.00224
Exploits: 0 | References: 6

CNNVD
added 2025/04/16 12:0 a.m., 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an imbalance in the reference count of the smb client netns, which could lead to a memory leak and reuse aft...

CVSS 5.5 | AI score 6.4 | EPSS 0.00122
Exploits: 0 | References: 6

OSV
added 2025/04/15 1:15 p.m., 3 views

CVE-2025-32103

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityManager restrictions...

CVSS 5 | AI score 5.8
Exploits: 0 | References: 4

BDU FSTEC
added 2025/04/15 12:0 a.m., 4 views

The vulnerability of the cifs_strndup_from_utf16() function in the /fs/smb/client/reparse.c module of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the cifs_strndup_from_utf16() function in the /fs/smb/client/reparse.c module of the Linux kernel involves copying buffers without checking their size (a classic buffer overflow). Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...

CVSS 7.8 | AI score 7 | EPSS 0.00333
Exploits: 0 | References: 29 | Affected Software: 9