43 matches found
Astra Linux - уязвимость в linux-5.15
A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw exists in the processing of SMB2TREEDISCONNECT commands. The issue arises due to the lack of proper locking when performing operations on an object. An attacker can exploit...
Astra Linux - уязвимость в linux-5.15
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2SESSIONSETUP and SMB2LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage th...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed a race condition in the RPC handle list access. The sess-rpchandlelist XArray manages RPC handles within a ksmbd session. Access to this list is intended to be protected by sess-rpclock a rwsemaphore. However, the...
CVE-2026-31718
A flaw was found in ksmbd, the in-kernel SMB3 server for Linux. This vulnerability arises from an asymmetric cleanup process when a durable file handle survives a session disconnect. Specifically, byte-range locks are not properly cleared, leading to a 'use-after-free' error when the durable...
ksmbd: validate EaNameLength in smb2_get_ea()
...
CVE-2026-31444
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NULL deref in smbgrantoplock smbgrantoplock has two issues in the oplock publication sequence: 1 opinfo is linked into ci-moplist via opinfoadd before addleasegloballist is called. If...
PT-2026-26211
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.2 Description SiYuan is a personal knowledge management system. The kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incomin...
CVE-2025-68817
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbdtreeconnectput under concurrency Under high concurrency, A tree-connection object tcon is freed on a disconnect path while another path still holds a reference and later executes put/write on it...
CVE-2023-54250 ksmbd: avoid out of bounds access in decode_preauth_ctxt()
In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decodepreauthctxt Confirm that the accessed pnegctxt-HashAlgorithms address sits within the SMB request boundary; deassemblenegcontexts only checks that the eight byte smb2negcontext header +...
ksmbd: transport_ipc: validate payload size before reading handle
...
ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size
...
UBUNTU-CVE-2025-39692
In the Linux kernel, the following vulnerability has been resolved: smb: server: split ksmbdrdmastoplistening out of ksmbdrdmadestroy We can't call destroyworkqueuesmbdirectwq; before stopsessions! Otherwise already existing connections try to use smbdirectwq as a NULL pointer...
CVE-2025-38728
CVE-2025-38728 : Linux kernel SMB3/kdmbd (ksmbd) mount path vulnerability. The issue stems from a missing check in parse_server_interfaces() under KASAN, enabling a slab-out-of-bounds read during a ksmbd mount. The bug is reported in the CIFS/SMB3 path with a read of size 4 at a kernel address du...
ksmbd: fix null pointer dereference in alloc_preauth_hash()
...
ksmbd: fix Preauh_HashValue race condition
...
ksmbd: fix use-after-free in ksmbd_session_rpc_open
...
DEBIAN-CVE-2023-32255
A flaw was found in the Linux kernel's ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type, potentially leading to resource exhaustion...
ksmbd: prevent rename with empty string
...
ksmbd: validate zero num_subauth before sub_auth is accessed
...
PT-2025-18458
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue has been resolved in the Linux kernel, specifically in the ksmbd component. The problem occurs when the ksmbd connection is referenced after the ksmbd server threa...