11 matches found
CVE-2026-31610
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc The kernel ASN.1 BER decoder calls action callbacks incrementally as it walks the input. When ksmbddecodenegTokenInit reaches the mechToken 2 OCTET STRING...
DEBIAN-CVE-2026-31610
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc The kernel ASN.1 BER decoder calls action callbacks incrementally as it walks the input. When ksmbddecodenegTokenInit reaches the mechToken 2 OCTET STRING...
CVE-2026-31610
CVE-2026-31610 affects ksmbd in the Linux kernel. The issue is a memory-leak in the SPNEGO decode path: during ksmbd_decode_negTokenInit, the code allocates conn->mechToken and may fail parsing later elements, leaving the previously allocated token. If the continuation path marks use_spnego fa...
PT-2026-34962
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the ksmbd component during the SPNEGO decoding process. When the ksmbd decode negTokenInit function processes the mechToken OCTET STRING element, the ksmbd neg...
CVE-2024-26594
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...
CVE-2024-26594
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...
CVE-2024-26594 ksmbd: validate mech token in session setup
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...
CVE-2024-26594
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...
CVE-2024-26594
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...
Linux Kernel ksmbd Mech Token Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The specific flaw exists within the handling of SMB2 Mech...