84 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-52911
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: scope conn->binding slowpath to bound sessions only When the binding SESSION_SETUP sets conn->binding = true, the flag stays set after the call so that the...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: A potential out-of-bounds error has been fixed when the buffer offset is invalid. I identified a potential out-of-bounds situation when the buffer offset fields of several requests are invalid. This patch sets the minimum...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: The UAF issue in ksmbd_tcp_new_connection() has been fixed. The race that occurs is between the process of handling a new TCP connection and its disconnection. This causes a UAF error in the struct tcp_transport structure within...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: The issue related to “slab-use-after-free” in smb3_preauth_hash_rsp() has been fixed. The function ksmbd_user_session_put() should be called under smb3_preauth_hash_rsp(). This will prevent freeing a session before calling...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: It is required that 3 sub-authorities are present before reading sub_auth[2]. parse_dacl() compares each ACE SID against sid_unix_NFS_mode. When a match is found, it reads sid.sub_auth[2] as the file mode. If sid_unix_NFS_mode represents...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ksmbd: A possible reference count leak in smb2_open() has been fixed. The reference count of ACLs will cause a leak when memory allocation fails. This issue has been addressed by adding the missing posix_acl_release() function...
Astra Linux - vulnerability in linux-5.15, linux-6.1
A use-after-free flaw was discovered in the setup_async_work() function in the KSMBD implementation of the in-kernel Samba server and CIFS services in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed resources...
CVE-2026-43379
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is being accessed after rcu_read_unlock() has been called. This creates a race condition where the memory could be freed b...
CVE-2026-43379
CVE-2026-43379 affects ksmbd (Linux kernel) with a use-after-free in smb_lazy_parent_lease_break_close. The opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is accessed after rcu_read_unlock(), creating a race where the memory could be freed by a concurrent writer before subsequent de...
CVE-2026-43379
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is being accessed after rcu_read_unlock() has been called. This creates a race condition where the memory could be freed b...
CVE-2026-43185
A flaw was found in ksmbd within the Linux kernel. A remote attacker can exploit a signedness bug in the smb_direct_prepare_negotiation() function by sending a specially crafted preferred_send_size value during SMB direct negotiation. This manipulation leads to an incorrect size calculation, allowing a...
CVE-2026-43185
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix signededness bug in smb_direct_prepare_negotiation() smb_direct_prepare_negotiation() casts an unsigned u32 value from sp->max_recv_size and req->preferred_send_size to a signed int before computing min_t(int, ...). A maliciously provide...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ksmbd: The reference count leak in smb_check_perm_dacl() has been fixed. The issue occurs in a specific part of smb_check_perm_dacl(). When “id” and “uid” have the same value, the function simply jumps out of the loop without decrementing...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: In the vfs module, a race condition occurred regarding the m_flags field. ksmbd maintains states such as “delete-on-close” and “pending-delete” in the m_flags field of the ksmbd_inode structure. In the vfs_cache.c file, thi...
Linux Distros Unpatched Vulnerability : CVE-2026-31704
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: use check_add_overflow() to prevent u16 DACL size overflow set_posix_acl_entries_dacl() and set_ntacl_dacl() accumulate ACE sizes in u16 variables. When a file has man...
CVE-2026-31718
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_close_fd() via durable scavenger When a durable file handle survives session disconnect (TCP close without SMB2_LOGOFF), session_fd_check() sets fp->conn = NULL to preserve the handle for later reconnection...
CVE-2026-31718
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_close_fd() via durable scavenger When a durable file handle survives session disconnect (TCP close without SMB2_LOGOFF), session_fd_check() sets fp->conn = NULL to preserve the handle for later reconnection...
CVE-2026-31711
CVE-2026-31711 concerns the Linux kernel ksmbd server where a leak of active_num_conn occurs during transport allocation failure. The issue lets an unauthenticated remote attacker exacerbate memory pressure by holding connections with large RFC1002 lengths, causing the max_connections pool to be ...
EUVD-2026-26515
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl() smb_inherit_dacl() trusts the on-disk num_aces value from the parent directory's DACL xattr and uses it to size a heap allocation: aces_base = kmalloc(sizeof(struct smb_ace)...
ksmbd: fix potencial OOB in get_file_all_info() for compound requests
...