372 matches found
CVE-2026-31705
The CVE-2026-31705 issue affects the ksmbd component of the Linux kernel, where an out-of-bounds write occurs in smb2_get_ea() during EA alignment padding. After writing each EA entry, a 4-byte alignment padding is applied with memset() unconditionally, potentially overwriting adjacent kernel hea...
EUVD-2026-26514
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds write in smb2getea EA alignment smb2getea applies 4-byte alignment padding via memset after writing each EA entry. The bounds check on buffreelen is performed before the value memcpy, but the alignment...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the smb2getea function’s memset operation, where the remaining space after the EA alignment is no...
ksmbd: fix potencial OOB in get_file_all_info() for compound requests
...
SUSE CVE-2026-31432
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERYINFO for compound requests When a compound request such as READ + QUERYINFOSecurity is received, and the first command READ consumes most of the response buffer, ksmbd could write beyond the allocated...
SUSE CVE-2026-31433
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial OOB in getfileallinfo for compound requests When a compound request consists of QUERYDIRECTORY + QUERYINFO FILEALLINFORMATION and the first command consumes nearly the entire maxtranssize, getfileallinfo woul...
EUVD-2026-24835
In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2len with offsetof in smb2calcmaxoutbuflen After this commit e2b76ab8b5c9 "ksmbd: add support for read compound", response buffer management was changed to use dynamic iov array. In the new design,...
EUVD-2026-24640
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERYINFO for compound requests When a compound request such as READ + QUERYINFOSecurity is received, and the first command READ consumes most of the response buffer, ksmbd could write beyond the allocated...
EUVD-2026-24641
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial OOB in getfileallinfo for compound requests When a compound request consists of QUERYDIRECTORY + QUERYINFO FILEALLINFORMATION and the first command consumes nearly the entire maxtranssize, getfileallinfo woul...
CVE-2026-31432
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERYINFO for compound requests When a compound request such as READ + QUERYINFOSecurity is received, and the first command READ consumes most of the response buffer, ksmbd could write beyond the allocated...
CVE-2026-31433 ksmbd: fix potencial OOB in get_file_all_info() for compound requests
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial OOB in getfileallinfo for compound requests When a compound request consists of QUERYDIRECTORY + QUERYINFO FILEALLINFORMATION and the first command consumes nearly the entire maxtranssize, getfileallinfo woul...
CVE-2026-31433
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial OOB in getfileallinfo for compound requests When a compound request consists of QUERYDIRECTORY + QUERYINFO FILEALLINFORMATION and the first command consumes nearly the entire maxtranssize, getfileallinfo woul...
CVE-2026-31433
CVE-2026-31433 affects the Linux kernel ksmbd module. A vulnerability arises when processing a compound SMB request of QUERY_DIRECTORY + QUERY_INFO (FILE_ALL_INFORMATION): the code lacked a validation check on the client-provided OutputBufferLength before copying a filename into the smb2_file_all...
CVE-2026-31432 ksmbd: fix OOB write in QUERY_INFO for compound requests
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERYINFO for compound requests When a compound request such as READ + QUERYINFOSecurity is received, and the first command READ consumes most of the response buffer, ksmbd could write beyond the allocated...
CVE-2026-31432
CVE-2026-31432 affects the Linux kernel ksmbd component. Affected handling of compound requests (e.g., READ + QUERY_INFO(Security)) could allow an out-of-bounds write when the first READ command consumes most of the response buffer and ksmbd builds a security descriptor. The root cause is that sm...
CVE-2026-31432
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERYINFO for compound requests When a compound request such as READ + QUERYINFOSecurity is received, and the first command READ consumes most of the response buffer, ksmbd could write beyond the allocated...
PT-2026-34276
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds write exists in the ksmbd component within the get file all info function during the processing of compound requests consisting of QUERY DIRECTORY and QUERY INFO FILE AL...
PT-2026-34275
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds write exists in ksmbd when processing compound requests, such as READ combined with QUERY INFOSecurity. If the initial command consumes most of the response buffer, ksmb...
Linux Distros Unpatched Vulnerability : CVE-2026-31432
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix OOB write in QUERYINFO for compound requests When a compound request such as READ + QUERYINFOSecurity is received, and the first command READ consume...
Linux Distros Unpatched Vulnerability : CVE-2026-23428
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of shareconf in compound request smb2getksmbdtcon reuses work-tcon...