48 matches found
CVE-2026-54069
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan Note's kernel HTTP server unconditionally trusts all chrome-extension:// origins, granting RoleAdministrator access to every installed browser extension without any authentication. Combined with the default empt...
Astra Linux – Vulnerability in Linux 5.15
A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw exists in the processing of SMB2TREEDISCONNECT commands. The issue arises due to the lack of proper locking when performing operations on an object. An attacker can exploit...
Astra Linux – Vulnerability in Linux 5.15
A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw occurs during the processing of SMB2SESSIONSETUP and SMB2LOGOFF commands. The issue arises due to the lack of proper locking when performing operations on an object. An...
CVE-2026-31718
A flaw was found in ksmbd, the in-kernel SMB3 server for Linux. This vulnerability arises from an asymmetric cleanup process when a durable file handle survives a session disconnect. Specifically, byte-range locks are not properly cleared, leading to a 'use-after-free' error when the durable...
ksmbd: validate EaNameLength in smb2_get_ea()
...
CVE-2026-31444
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NULL deref in smbgrantoplock smbgrantoplock has two issues in the oplock publication sequence: 1 opinfo is linked into ci-moplist via opinfoadd before addleasegloballist is called. If...
PT-2026-26211
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.2 Description SiYuan is a personal knowledge management system. The kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incomin...
CVE-2025-68817
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbdtreeconnectput under concurrency Under high concurrency, A tree-connection object tcon is freed on a disconnect path while another path still holds a reference and later executes put/write on it...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed a race condition in the RPC handle list access mechanism. The sess-rpchandlelist XArray manages RPC handles within a ksmbd session. Access to this list is intended to be protected by sess-rpclock a rwsemaphore...
CVE-2023-54250 ksmbd: avoid out of bounds access in decode_preauth_ctxt()
In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decodepreauthctxt Confirm that the accessed pnegctxt-HashAlgorithms address sits within the SMB request boundary; deassemblenegcontexts only checks that the eight byte smb2negcontext header +...
ksmbd: transport_ipc: validate payload size before reading handle
...
ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size
...
UBUNTU-CVE-2025-39692
In the Linux kernel, the following vulnerability has been resolved: smb: server: split ksmbdrdmastoplistening out of ksmbdrdmadestroy We can't call destroyworkqueuesmbdirectwq; before stopsessions! Otherwise already existing connections try to use smbdirectwq as a NULL pointer...
CVE-2025-38728
CVE-2025-38728 : Linux kernel SMB3/kdmbd (ksmbd) mount path vulnerability. The issue stems from a missing check in parse_server_interfaces() under KASAN, enabling a slab-out-of-bounds read during a ksmbd mount. The bug is reported in the CIFS/SMB3 path with a read of size 4 at a kernel address du...
ksmbd: fix null pointer dereference in alloc_preauth_hash()
...
ksmbd: fix Preauh_HashValue race condition
...
ksmbd: fix use-after-free in ksmbd_session_rpc_open
...
The vulnerability of the `ksmbd_krb5_authenticate()` function in the `ksmbd` component of the Linux operating system allows a hacker to induce a service failure.
The vulnerability of the ksmbdkrb5authenticate function in the ksmbd component of the Linux operating system is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to trigger a denial-of-service attack...
DEBIAN-CVE-2023-32255
A flaw was found in the Linux kernel's ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type, potentially leading to resource exhaustion...
ksmbd: prevent rename with empty string
...