Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed an integer overflow issue while processing the closetimeo mount option. The user-provided closetimeo mount parameter, of type u32, is intended to have an upper limit. However, before this limit is validated, the value...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed an integer overflow issue while processing the acregmax mount option. The user-provided mount parameter acregmax, of type u32, is intended to have an upper limit. However, before this value is validated, it is convert...

Astra Linux - уязвимость в linux-5.15, linux-6.1

A flaw was discovered in the handling of SMB2 read requests within the kernel’s ksmbd module. The issue arises due to the lack of proper validation of user-provided data, which can lead to reading data beyond the end of an allocated buffer. An attacker can exploit this vulnerability to disclose...

CVE-2026-31693

In the Linux kernel, the following vulnerability has been resolved: cifs: some missing initializations on replay In several places in the code, we have a label to signify the start of the code where a request can be replayed if necessary. However, some of these places were missing the necessary...

EUVD-2026-26367

In the Linux kernel, the following vulnerability has been resolved: cifs: some missing initializations on replay In several places in the code, we have a label to signify the start of the code where a request can be replayed if necessary. However, some of these places were missing the necessary...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006803)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006803 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifsdebugdataprocshow Skip SMB sessions that are being...

ALSA-2026:0760 Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: smb: client: Fix use-after-free in cifsfilldirent CVE-2025-38051 kernel: smb: client: let recvdone verify dataoffset, datalength a...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001859)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001859 advisory. The SMB2tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service NULL pointer dereference and...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002329)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002329 advisory. The cifsiovecwrite function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requeste...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000296)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000296 advisory. An issue was discovered in the Linux kernel before 5.0.10. SMB2read in fs/cifs/smb2pdu.c has a use-after- free. NOTE: this was not fixed correctly in 5.0.10; see the...

CVE-2023-54260

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix lost destroy smbd connection when MR allocate failed If the MR allocate failed, the smb direct connection info is NULL, then smbddestroy will directly return, then the connection info will be leaked. Let's set the smb...

DEBIAN-CVE-2023-53794

In the Linux kernel, the following vulnerability has been resolved: cifs: fix session state check in reconnect to avoid use-after-free issue Don't collect exiting session in smb2reconnectserver, because it will be released soon. Note that the exiting session will stay in server-smbseslist until i...

UBUNTU-CVE-2023-53751

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential use-after-free bugs in TCPServerInfo::hostname TCPServerInfo::hostname may be updated once or many times during reconnect, so protect its access outside reconnect path as well and then prevent any potential...

PT-2025-42062

Name of the Vulnerable Software and Affected Versions Windows versions affected versions not specified Description An issue exists in the Windows SMB Server component related to improper access control. Exploitation of this issue can allow an attacker to elevate privileges over a network. This ca...

UBUNTU-CVE-2023-53597

In the Linux kernel, the following vulnerability has been resolved: cifs: fix mid leak during reconnection after timeout threshold When the number of responses with status of STATUSIOTIMEOUT exceeds a specified threshold NUMSTATUSIOTIMEOUT, we reconnect the connection. But we do not return the mi...

CVE-2025-38523

The CVE-2025-38523 issue affects the Linux kernel CIFS client/server path (smbd_recv/smbd_readv) where data copied from the smbd_response slab via copy_to_iter() could trigger kernel memory exposure when CONFIG_HARDENED_USERCOPY is enabled. The root cause is that the smbd_response slab’s packet f...

Linux Distros Unpatched Vulnerability : CVE-2025-37844

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: cifs: avoid NULL pointer dereference in dbg call cifsserverdbg implies server to be non-NULL...

smb: client: fix potential deadlock when reconnecting channels

...

UBUNTU-CVE-2025-21963

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acdirmax mount option User-provided mount parameter acdirmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper handling of handlecache and multiuser in cifs...