59 matches found
Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.23 bug fix and security update
Red Hat OpenShift Container Platform release 4.21.23 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a...
ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTL_SET_SPARSE
...
CVE-2026-53046
The CVE-2026-53046 entry concerns the ksmbd component of the Linux kernel. The vulnerability arises in ksmbd_crypt_message(), which sets a NULL completion callback on AEAD requests and does not properly handle -EINPROGRESS from async hardware crypto engines such as the Qualcomm Crypto Engine (QCE...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fixed a reference count leak when an invalid session is found during session lookup. When a session is found, but its state is not SMB2SESSIONVALID, it indicates that no valid session was found. However, the reference coun...
EUVD-2026-38148
In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the global session lookup in ksmbdsessionlookupall can find the session,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Out-of-bounds access has been avoided in the decodepreauthctxt function. It has been confirmed that the address of pnegctxt-HashAlgorithms lies within the boundaries of the SMB request. The deassemblenegcontexts function...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: smb: server: Fixed a leak in activenumconn when there is a failure in transport allocation. The commit 77ffbcac4e56 “smb: server: fixed the leak in activenumconn in ksmbdtcpnewconnection” addresses the failure path in kthreadrun...
CVE-2026-45924
In the Linux kernel, the following vulnerability has been resolved: ksmbd: call ksmbdvfskernpathendremoving on some error paths There are two places where ksmbdvfskernpathendremoving needs to be called in order to balance what the corresponding successful call to ksmbdvfskernpathstartremoving has...
PT-2026-43791
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ksmbd module where the function ksmbd vfs kern path end removing is not called on certain error paths. This failure to balance the corresponding ksmbd vfs kern pat...
SUSE CVE-2026-31711
In the Linux kernel, the following vulnerability has been resolved: smb: server: fix activenumconn leak on transport allocation failure Commit 77ffbcac4e56 "smb: server: fix leak of activenumconn in ksmbdtcpnewconnection" addressed the kthreadrun failure path. The earlier alloctransport == NULL...
Linux Distros Unpatched Vulnerability : CVE-2026-31705
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix out-of-bounds write in smb2getea EA alignment smb2getea applies 4-byte alignment padding via memset after writing each EA entry. The bounds check on...
CVE-2026-31717
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any authenticated user to...
CVE-2026-31717
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any authenticated user to...
CVE-2026-31706
In ksmbd (Linux kernel), CVE-2026-31706 is due to a validation flaw in smb_inherit_dacl(): the on-disk num_aces from a parent directory’s security.NTACL is trusted to size a heap allocation (kmalloc(sizeof(struct smb_ace) * num_aces * 2)) without verifying consistency with pdacl_size. An authenti...
ksmbd: require 3 sub-authorities before reading sub_auth[2]
...
PT-2026-34349
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The smb grant oplock function in ksmbd contains two issues. First, a use-after-free occurs when opinfo is linked into ci-m op list before add lease global list is called; if the latter...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from ksmbd’s handling of composite requests like QUERYDIRECTORY + QUERYINFOFILEALLINFORMATION. This...
CVE-2026-23427 ksmbd: fix use-after-free in durable v2 replay of active file handles
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles parsedurablehandlecontext unconditionally assigns dhinfo-fp-conn to the current connection when handling a DURABLEREQV2 context with SMB2FLAGSREPLAYOPERATION...
ROS-20260403-73-0003
A vulnerability in the ksmbdsessionrpcopen function in the fs/smb/server/mgmt/usersession.c module of the Linux kernel SMB server support is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an attacker to affect confidentiality, integrity and availabili...
CVE-2026-23364
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp with the correct function, cryptomemneq...