Lucene search
+L

39 matches found

Positive Technologies
Positive Technologies
added 20 hours ago3 views

PT-2026-61226

In the Linux kernel, the following vulnerability has been resolved: ksmbd: OOB read regression in smb check perm dacl ACE-walk loops Commit d07b26f39246 "ksmbd: require minimum ACE size in smb check perm dacl" introduced a transposed bounds check: if offsetofstruct smb ace, sid + aces size size...

5.4AI score
Exploits0References8
OSV
OSV
added 2026/05/01 1:56 p.m.1 views

CVE-2026-31705 ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds write in smb2getea EA alignment smb2getea applies 4-byte alignment padding via memset after writing each EA entry. The bounds check on buffreelen is performed before the value memcpy, but the alignment...

9.8CVSS6.8AI score0.00389EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/04/22 6:35 p.m.13 views

CVE-2026-31478

A flaw was found in ksmbd within the Linux kernel. This vulnerability occurs due to an incorrect calculation of the response buffer length in the smb2calcmaxoutbuflen function. The function used a hardcoded value instead of the proper offset, which could lead to issues in how response buffers are...

9.8CVSS5.9AI score0.00502EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/22 1:54 p.m.36 views

CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2len with offsetof in smb2calcmaxoutbuflen After this commit e2b76ab8b5c9 "ksmbd: add support for read compound", response buffer management was changed to use dynamic iov array. In the new design,...

9.8CVSS0.00502EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.6 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010702)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010702 advisory. An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of- bounds read and OOPS for SMB2WRITE, when there is a large...

8.1CVSS6.8AI score0.03503EPSS
Exploits0References9
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed the use-of-free issue in session logoff. The sess-user object may currently be used by another thread. For example, if another connection sends a session setup request to make the session available for use. The...

7.8CVSS6.5AI score0.00384EPSS
Exploits2References3
Cvelist
Cvelist
added 2025/12/30 12:15 p.m.44 views

CVE-2023-54250 ksmbd: avoid out of bounds access in decode_preauth_ctxt()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decodepreauthctxt Confirm that the accessed pnegctxt-HashAlgorithms address sits within the SMB request boundary; deassemblenegcontexts only checks that the eight byte smb2negcontext header +...

0.00168EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-42915

Malicious code in bioql PyPI...

7.5CVSS4.6AI score0.01381EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-26503

Malicious code in bioql PyPI...

6.3AI score0.07142EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-32255

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Linux kernel's ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type,...

5.3CVSS5.6AI score0.00473EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/08/19 5:2 p.m.11 views

CVE-2025-38561

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix PreauhHashValue race condition If client send multiple session setup requests to ksmbd, PreauhHashValue race condition could happen. There is no need to free sess-PreauhHashValue at session setup phase. It can be freed...

8.5CVSS5.4AI score0.00391EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2021-45100

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This...

7.5CVSS7AI score0.00905EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-47941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2handlenegotiate error...

7.5CVSS6.5AI score0.04906EPSS
Exploits0References2
OSV
OSV
added 2025/08/02 11:15 p.m.15 views

DEBIAN-CVE-2023-32253

A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a denial of service...

5.9CVSS5.8AI score0.00298EPSS
Exploits0References1
OSV
OSV
added 2025/08/02 11:15 p.m.9 views

UBUNTU-CVE-2023-32253

A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a denial of service...

5.9CVSS5.8AI score0.00298EPSS
Exploits0References5
OSV
OSV
added 2025/08/02 11:15 p.m.5 views

UBUNTU-CVE-2023-32255

A flaw was found in the Linux kernel's ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type, potentially leading to resource exhaustion...

5.3CVSS5.8AI score0.00473EPSS
Exploits0References7
OSV
OSV
added 2025/08/01 6:15 p.m.4 views

DEBIAN-CVE-2023-32256

A flaw was found in the Linux kernel's ksmbd component. A race condition between smb2 close operation and logoff in multichannel connections could result in a use-after-free issue...

7.5CVSS7.2AI score0.00526EPSS
Exploits0References1
OSV
OSV
added 2025/08/01 6:15 p.m.4 views

UBUNTU-CVE-2023-32256

A flaw was found in the Linux kernel's ksmbd component. A race condition between smb2 close operation and logoff in multichannel connections could result in a use-after-free issue...

7.5CVSS5.8AI score0.00526EPSS
Exploits0References7
OSV
OSV
added 2025/07/31 9:15 p.m.6 views

DEBIAN-CVE-2023-32251

A vulnerability has been identified in the Linux kernel's ksmbd component kernel SMB/CIFS server. A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the...

3.7CVSS4.9AI score0.00433EPSS
Exploits0References1
OSV
OSV
added 2025/07/31 8:44 p.m.10 views

CVE-2023-32251 Kernel: ksmbd brute force delay bypass via asynchronous requests

A vulnerability has been identified in the Linux kernel's ksmbd component kernel SMB/CIFS server. A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the...

3.7CVSS5.8AI score0.00433EPSS
Exploits0References8
Rows per page
Query Builder