59 matches found
CVE-2025-21844
CVE-2025-21844 affects the Linux kernel SMB client path. The vulnerability could allow a NULL pointer dereference in the receive_encrypted_standard() path due to missing checks, which could crash the kernel. The fix adds checks for the next_buffer in receive_encrypted_standard() and validates the...
CVE-2025-21844 smb: client: Add check for next_buffer in receive_encrypted_standard()
In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for nextbuffer in receiveencryptedstandard Add check for the return value of cifsbufget and cifssmallbufget in receiveencryptedstandard to prevent null pointer dereference...
CVE-2025-21725
CVE-2025-21725 concerns the Linux kernel CIFS/SMB client. The issue arises when NETWORK_INTERFACE_INFO::LinkSpeed is not guaranteed to be set by the server, potentially causing an oops (divide error) in the cifs client path. The provided connected documents specify the fix as: fix by setting cifs...
PT-2026-8177
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's smb/server component within the create smb2 pipe function. Specifically, if the ksmbd iov pin rsp function fails, the ksmbd session rpc close function...
CVE-2024-56729
In the Linux kernel, the following vulnerability has been resolved: smb: Initialize cfid-tcon before performing network ops Avoid leaking a tcon ref when a lease break races with opening the cached directory. Processing the leak break might take a reference to the tcon in cacheddirleasebreak and...
kernel: smb: client: fix potential UAF in smb2_is_valid_oplock_break()
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2isvalidoplockbreak Skip sessions that are being teared down status == SESEXITING to avoid UAF...
SUSE CVE-2024-26936
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate request buffer size in smb2allocaterspbuf The response buffer should be allocated in smb2allocaterspbuf before validating request. But the fields in payload as well as smb2 header is used in smb2allocaterspbuf. Th...
OESA-2024-1501 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds in initsmb2rsphdr If client send smb2 negotiate request and then send smb1 negotiate request, initsmb2rsphdr is called for smb1 negotiat...
USN-6705-1 linux-aws, linux-aws-5.15 vulnerabilities
It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service system crash. CVE-2023-22995 It was discovered that the NVIDIA...
UBUNTU-CVE-2023-52441
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds in initsmb2rsphdr If client send smb2 negotiate request and then send smb1 negotiate request, initsmb2rsphdr is called for smb1 negotiate request since needneg is set to false. This patch ignore smb1...
CLSA-2024-1708094049 Fix of 8 CVEs
CVE-url: https://ubuntu.com/security/CVE-2024-23851 - dm: limit the number of targets and parameter size area CVE-url: https://ubuntu.com/security/CVE-2024-1086 - netfilter: nftables: reject QUEUE/DROP verdict parameters CVE-url: https://ubuntu.com/security/CVE-2023-35827 - ravb: Fix use-after-fr...
USN-6628-1 linux-intel-iotg vulnerabilities
Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-32250, CVE-2023-32252, CVE-2023-32257...
AZL-31730 CVE-2023-5345 affecting package hyperv-daemons for versions less than 5.15.135.1-1
A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3fscontextparseparam, ctx-password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading pas...
OESA-2023-1636 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2SESSIONSETUP commands. The issue results from the lack of control of resource consumption...
USN-6350-1 linux-aws, linux-aws-5.15, linux-ibm-5.15, linux-oracle, linux-oracle-5.15 vulnerabilities
It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate MFT flags in certain situations. An attacker could use this to construct a malicious NTFS image that, when mounted and operated on, could cause a denial of service system crash. CVE-2022-48425...
USN-6338-1 linux, linux-aws, linux-aws-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-raspi vulnerabilities
Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-21255 It was discovered that a race condition existed in th...
DEBIAN-CVE-2023-32252
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to creat...
CVE-2023-32258 Session race condition remote code execution vulnerability
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2LOGOFF and SMB2CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this...
The vulnerability of the ksmbd module in Linux operating systems allows a hacker to trigger a service failure.
The vulnerability of the ksmbd module in Linux operating systems is related to the improper release of resources. Exploiting this vulnerability allows a remote attacker to cause service failures using the SMB2SESSIONSETUP command...