2 matches found
CVE-2026-52944
A flaw was found in the Linux kernel's ksmbd component. This vulnerability allows a client to bypass intended permission restrictions by using the FSCTLSETSPARSE operation. Specifically, a client on a read-only share can modify a file's sparse attribute, and clients on writable shares can modify...
CVE-2026-52944 ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTL_SET_SPARSE
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTLSETSPARSE FSCTLSETSPARSE in fsctlsetsparse modifies the file's sparse attribute and saves it through xattr without any permission checks. This exposes two...