Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: smb/server: Fixed a potential null-ptr-deref of leasectxinfo in smb2open. null-ptr-deref will occur when reqoplevel == SMB2OPLOCKLEVELLEASE and parseleasestate returns NULL. The issue was fixed by checking whether leasectxinfo is...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: smb: server: splitting ksmbdrdmastoplistening from ksmbdrdmaDestroy We cannot call destroyworkqueuesmbdirectwq; before stopsessions! Otherwise, existing connections will attempt to use smbdirectwq as a NULL pointer...

GHSA-V6WH-96G9-6WX3 launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows

Summary The launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-controlled SMB server. This can result ...

External Control of File Name or Path

Overview launch-editor is a launch editor from node.js Affected versions of this package are vulnerable to External Control of File Name or Path in the handling of UNC paths on Windows systems. An attacker can obtain NTLMv2 password hashes by tricking a user into accessing a malicious SMB server...

PT-2026-49575

Name of the Vulnerable Software and Affected Versions launch-editor versions prior to 2.14.1 Description The launch-editor NPM package allows the access of arbitrary paths, including Windows UNC Universal Naming Convention paths. On Windows systems, accessing a UNC path triggers an automatic NTLM...

CVE-2026-40987: Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization

A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem outside the configured local-directory with attacker-controlled content...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb: server: Fixed a leak in activenumconn when there is a failure in transport allocation. The commit 77ffbcac4e56 “smb: server: fixed the leak of activenumconn in ksmbdtcpnewconnection” addresses the failure path in kthreadrun...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb: server: The use of smbdirectsocketrecvio.credits.available is problematic. The logic for managing recv credits by counting posted recvio and granted credits is flawed. This is because the peer might have already consumed a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb/server: The function ksmbdsessionrpcclose is called on the error path in the createsmb2pipe function. When the ksmbdiovpinrsp function fails, we should call ksmbdsessionrpcclose...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb: server: The senddone handler now handles completion without using IBSENDSIGNALED. With smbdirectsendbatch, we likely have requests that do not include IBSENDSIGNALED. These requests will be destroyed during the final request...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fixed a reference count leak when an invalid session is found during session lookup. When a session is found, but its state is not SMB2SESSIONVALID, it indicates that no valid session was found. However, the reference coun...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: smb: server: avoid double-free in smbdirectfreesendmsg after smbdirectFlushsendlist smbdirectFlushsendlist already calls smbdirectfreesendmsg; therefore, we should not call it again after postsendmsg. It has been moved to the...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There are security vulnerabilities in the Linux kernel. These vulnerabilities stem from the fact that ksmbd does not verify the SID length of inherited ACEs in the...

SUSE CVE-2026-43378

In the Linux kernel, the following vulnerability has been resolved: smb: server: fix use-after-free in smb2open The opinfo pointer obtained via rcudereferencefp-fopinfo is dereferenced after rcureadunlock, creating a use-after-free window...

EUVD-2026-29870

Linux ksmbd contains a remote memory corruption vulnerability in the ACL inheritance path that allows remote clients with directory creation permissions to trigger a heap out-of-bounds read and subsequent heap corruption by setting a crafted DACL with a malformed SID containing an inflated...

CVE-2026-43378

In the Linux kernel, the following vulnerability has been resolved: smb: server: fix use-after-free in smb2open The opinfo pointer obtained via rcudereferencefp-fopinfo is dereferenced after rcureadunlock, creating a use-after-free window...

CVE-2026-43378

In the Linux kernel, the following vulnerability has been resolved: smb: server: fix use-after-free in smb2open The opinfo pointer obtained via rcudereferencefp-fopinfo is dereferenced after rcureadunlock, creating a use-after-free window...

CVE-2026-43379 ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smblazyparentleasebreakclose opinfo pointer obtained via rcudereferencefp-fopinfo is being accessed after rcureadunlock has been called. This creates a race condition where the memory could be freed b...

CVE-2026-43378 smb: server: fix use-after-free in smb2_open()

In the Linux kernel, the following vulnerability has been resolved: smb: server: fix use-after-free in smb2open The opinfo pointer obtained via rcudereferencefp-fopinfo is dereferenced after rcureadunlock, creating a use-after-free window...

CVE-2026-43378

CVE-2026-43378 affects the Linux kernel SMB server (smb2_open). A use-after-free arises because the opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is dereferenced after rcu_read_unlock(), creating a use-after-free window. Multiple sources (SUSE, Red Hat, Debian OSV, Ubuntu, Debian t...