Lucene search
K

12 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Validated numaces and hardened the ACE walk in smbinheritdacl. smbinheritdacl relies on the numaces value from the parent directory’s DACL xattr and uses it to allocate memory for the heap: acesbase = kmallocsizeofstruc...

8.8CVSS5.9AI score0.00369EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/02 1:25 a.m.11 views

SUSE CVE-2026-31706

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate numaces and harden ACE walk in smbinheritdacl smbinheritdacl trusts the on-disk numaces value from the parent directory's DACL xattr and uses it to size a heap allocation: acesbase = kmallocsizeofstruct smbace...

7CVSS5.9AI score0.00369EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-31706

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: validate numaces and harden ACE walk in smbinheritdacl smbinheritdacl trusts the on-disk numaces value from the parent directory's DACL xattr and uses i...

8.8CVSS7.3AI score0.00369EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/01 8:9 p.m.8 views

CVE-2026-31706

A flaw was found in ksmbd, a Linux kernel module that provides an in-kernel SMB server. An authenticated client can exploit this vulnerability by manipulating the numaces value within the parent directory's security.NTACL extended attribute. This manipulation causes ksmbd to attempt an excessivel...

8.8CVSS5.7AI score0.00369EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/01 1:56 p.m.3 views

CVE-2026-31706

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate numaces and harden ACE walk in smbinheritdacl smbinheritdacl trusts the on-disk numaces value from the parent directory's DACL xattr and uses it to size a heap allocation: acesbase = kmallocsizeofstruct smbace...

5.9AI score0.00369EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/05/01 1:56 p.m.13 views

CVE-2026-31706

In ksmbd (Linux kernel), CVE-2026-31706 is due to a validation flaw in smb_inherit_dacl(): the on-disk num_aces from a parent directory’s security.NTACL is trusted to size a heap allocation (kmalloc(sizeof(struct smb_ace) * num_aces * 2)) without verifying consistency with pdacl_size. An authenti...

8.8CVSS6AI score0.00369EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/01 1:56 p.m.38 views

CVE-2026-31706 ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate numaces and harden ACE walk in smbinheritdacl smbinheritdacl trusts the on-disk numaces value from the parent directory's DACL xattr and uses it to size a heap allocation: acesbase = kmallocsizeofstruct smbace...

8.8CVSS0.00369EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.11 views

PT-2026-36336

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ksmbd module where the smb inherit dacl function trusts the num aces value from a parent directory's DACL xattr to determine the size of a heap allocation. An...

9.8CVSS6.1AI score0.00549EPSS
Exploits2References50
Microsoft CVE
Microsoft CVE
added 2022/12/31 8:0 a.m.2 views

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command.

...

8.8CVSS7AI score0.03576EPSS
Exploits0
OSV
OSV
added 2022/12/23 4:15 p.m.7 views

AZL-12097 CVE-2022-47942 affecting package kernel for versions less than 5.15.86.1-1

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in setntacldacl, related to use of SMB2QUERYINFOHE after a malformed SMB2SETINFOHE command...

8.8CVSS7AI score0.03576EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/09/17 12:0 a.m.1 views

PT-2022-33935 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.62 Description: A heap-based overflow issue exists in the set ntacl dacl function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...

7.5AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/08/04 12:0 a.m.7 views

PT-2022-6038 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 5.15 through 5.19 before 5.19.2 Description: The issue is related to a heap-based buffer overflow in the Linux kernel's ksmbd subsystem, specifically in the set ntacl dacl function. This overflow is connected to the use ...

9.8CVSS8AI score0.58461EPSS
Exploits29References204
Rows per page
Query Builder