kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions

A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...

kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions

A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...

CVE-2026-46243

A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: cifs: Client: Fixed a memory leak in smb3fscontextParseParam. The user calls fsconfig twice, but when the program exits, free only frees ctx-source for the second call to fsconfig, not the first. Regarding fc-source, there is ...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: smb: client: fixed the warning in cifssmb3domount This fixes the following warning reported by the kernel test robot: fs/smb/client/cifsfs.c:982 cifssmb3domount warning: possible memory leak of ‘cifssb’...

Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-007436)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007436 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix refcount leak for cifssbtlink Fix three refcount inconsistency issues related to...

CVE-2026-31392 smb: client: fix krb5 mount with username option

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix krb5 mount with username option Customer reported that some of their krb5 mounts were failing against a single server as the client was trying to mount the shares with wrong credentials. It turned out the client...

openSUSE 16 Security Update : kernel (openSUSE-SU-2026:20416-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20416-1 advisory. The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2025-39753:...

CVE-2026-23205

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix memory leak in smb2openfile Reproducer: 1. server: directories are exported read-only 2. client: mount -t cifs //$serverip/export /mnt 3. client: dd if=/dev/zero of=/mnt/file bs=512 count=1000 oflag=direct 4...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005195)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005195 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CI...

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: smb: client: Fix use-after-free in cifsfilldirent CVE-2025-38051 kernel: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength CVE-2025-39933 kernel: drm/i915:...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RHEL 9 : kernel (RHSA-2026:0576)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0576 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: j1939: prevent deadlock b...

SUSE CVE-2025-68295

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix memory leak in cifsconstructtcon When having a multiuser mount with domain= specified and using cifscreds, cifssetcifscreds will end up setting @ctx-domainname, so it needs to be freed before leaving...

CVE-2025-68295 smb: client: fix memory leak in cifs_construct_tcon()

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix memory leak in cifsconstructtcon When having a multiuser mount with domain= specified and using cifscreds, cifssetcifscreds will end up setting @ctx-domainname, so it needs to be freed before leaving...

Linux Distros Unpatched Vulnerability : CVE-2025-40268

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cifs: client: fix memory leak in smb3fscontextparseparam The user calls fsconfig twice, but when the program exits, free only frees ctx-source for the second...

EUVD-2025-201587

In the Linux kernel, the following vulnerability has been resolved: cifs: client: fix memory leak in smb3fscontextparseparam The user calls fsconfig twice, but when the program exits, free only frees ctx-source for the second fsconfig, not the first. Regarding fc-source, there is no code in the f...

CVE-2025-40268

In the Linux kernel, the following vulnerability has been resolved: cifs: client: fix memory leak in smb3fscontextparseparam The user calls fsconfig twice, but when the program exits, free only frees ctx-source for the second fsconfig, not the first. Regarding fc-source, there is no code in the f...

DEBIAN-CVE-2025-40268

In the Linux kernel, the following vulnerability has been resolved: cifs: client: fix memory leak in smb3fscontextparseparam The user calls fsconfig twice, but when the program exits, free only frees ctx-source for the second fsconfig, not the first. Regarding fc-source, there is no code in the f...

UBUNTU-CVE-2025-40268

In the Linux kernel, the following vulnerability has been resolved: cifs: client: fix memory leak in smb3fscontextparseparam The user calls fsconfig twice, but when the program exits, free only frees ctx-source for the second fsconfig, not the first. Regarding fc-source, there is no code in the f...