Azure Linux 3.0 Security Update: kernel (CVE-2024-57895)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-57895 advisory. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: set ATTRCTIME flags when setting...

EUVD-2022-50672

Malicious code in bioql PyPI...

EUVD-2022-50676

Malicious code in bioql PyPI...

EUVD-2022-50671

Malicious code in bioql PyPI...

EUVD-2022-50675

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-38325

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: add freetransport ops in ksmbd connection freetransport function for tcp connection c...

Linux Distros Unpatched Vulnerability : CVE-2024-26811

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate payload size in ipc response If installing malicious ksmbd-tools, ksmbd.moun...

CVE-2025-38092

CVE-2025-38092 concerns the Linux kernel (ksmbd) and the opinfo_get_list() path. The root cause is use of list_first_entry(), which does not return NULL for empty lists, leading to an invalid pointer. The fix is to switch to list_first_entry_or_null() to safely detect empties. Public references i...

CVE-2023-38426

An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2findcontextvals when createcontext's namelen is larger than the tag length...

CVE-2025-37776

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smbbreakalllevIIoplock There is a room in smbbreakalllevIIoplock that can cause racy issues when unlocking in the middle of the loop. This patch use read lock to protect whole loop...

Azure Linux 3.0 Security Update: kernel (CVE-2024-56626)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56626 advisory. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Write in...

Azure Linux 3.0 Security Update: kernel (CVE-2024-46795)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46795 advisory. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reuse...

CVE-2024-50086 ksmbd: fix user-after-free from session log off

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix user-after-free from session log off There is racy issue between smb2 session log off and smb2 session setup. It will cause user-after-free from session log off. This add sessionlock when setting SMB2SESSIONEXPIRED and...

CVE-2023-38431

An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdusize in ksmbdconnhandlerloop, leading to an out-of-bounds read...

CVE-2023-38426

An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2findcontextvals when createcontext's namelen is larger than the tag length...

CVE-2023-38427

An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemblenegcontexts...

CVE-2022-47939

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2TREEDISCONNECT...

CVE-2022-47942

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in setntacldacl, related to use of SMB2QUERYINFOHE after a malformed SMB2SETINFOHE command...

CVE-2022-47938

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2TREECONNECT...

PT-2022-35151 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue concerns incorrect handling of iterate dir in ksmbd. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v6.0.3,...