
22 matches found

Microsoft CVE
added 2026/05/02 8:4 a.m., 4 views

smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path

...

CVSS 8.1 | AI score 5.8 | EPSS 0.00055
Exploits 0

SUSE CVE
added 2026/05/02 1:25 a.m., 4 views

SUSE CVE-2026-31705

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment. smb2_get_ea() applies 4-byte alignment padding via memset() after writing each EA entry. The bounds check on buf_free_len is performed before the value memcpy, but the alignment...

CVSS 7.8 | AI score 5.9 | EPSS 0.00078
Exploits 0 | References 4

RedhatCVE
added 2026/05/01 8:14 p.m., 2 views

CVE-2026-31708

A flaw was found in the Linux kernel's Server Message Block (SMB) client. A malicious server can exploit an out-of-bounds read vulnerability by manipulating the OutputBufferLength during a QUERY_INFO operation. This can lead to the exposure of sensitive kernel memory to userspace, resulting in...

CVSS 8.1 | AI score 5.8 | EPSS 0.00055
Exploits 0 | References 4

Cvelist
added 2026/05/01 1:56 p.m., 30 views

CVE-2026-31705 ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment. smb2_get_ea() applies 4-byte alignment padding via memset() after writing each EA entry. The bounds check on buf_free_len is performed before the value memcpy, but the alignment...

CVSS 9.8 | EPSS 0.00078
Exploits 0 | References 6

CVE
added 2026/05/01 1:56 p.m., 26 views

CVE-2026-31705

The CVE-2026-31705 issue affects the ksmbd component of the Linux kernel, where an out-of-bounds write occurs in smb2_get_ea() during EA alignment padding. After writing each EA entry, a 4-byte alignment padding is applied with memset() unconditionally, potentially overwriting adjacent kernel hea...

CVSS 9.8 | AI score 5.9 | EPSS 0.00078
Exploits 0 | References 6 | Affected Software 1

Positive Technologies
added 2026/05/01 12:0 a.m., 5 views

PT-2026-36338

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An out-of-bounds read exists in the smb2_ioctl_query_info function within the QUERY_INFO path. The function clamps qi.input_buffer_length to the server-reported OutputBufferLength and...

CVSS 9.8 | AI score 6.2 | EPSS 0.38453
Exploits 29 | References 50

OSV
added 2025/12/08 1:16 a.m., 1 views

UBUNTU-CVE-2025-40320

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential cfid UAF in smb2_query_info_compound. When smb2_query_info_compound retries, a previously allocated cfid may have been freed in the first attempt. Because cfid wasn't reset on replay, later cleanup could act o...

AI score 5.7 | EPSS 0.00028
Exploits 0 | References 22

Tenable Nessus
added 2025/12/08 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2025-40320

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: fix potential cfid UAF in smb2_query_info_compound. When smb2_query_info_compound retries, a previously allocated cfid may have been freed in the first...

AI score 5.8 | EPSS 0.00028
Exploits 0 | References 3

RedhatCVE
added 2025/10/15 5:44 p.m., 3 views

CVE-2025-55696

Time-of-check time-of-use (TOCTOU) race condition in NtQueryInformationToken function (ntifs.h) allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | AI score 6.8 | EPSS 0.00034
Exploits 0 | References 1

NVD
added 2025/10/14 5:15 p.m., 3 views

CVE-2025-55696

Time-of-check time-of-use (TOCTOU) race condition in NtQueryInformationToken function (ntifs.h) allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | EPSS 0.00034
Exploits 0 | References 1

Positive Technologies
added 2025/10/14 12:0 a.m., 4 views

PT-2025-42046

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: A time-of-check time-of-use (TOCTOU) race condition exists in the NtQueryInformationToken function within ntifs.h. This condition allows a locally authorized attacker to elevate privileges. The...

CVSS 7.8 | AI score 8.7 | EPSS 0.00034
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2002-2011

Malware in sbrugna...

CVSS 5 | AI score 6.3 | EPSS 0.00032
Exploits 1 | References 3

CNVD
added 2025/08/20 12:0 a.m., 2 views

Apache Superset Information Disclosure Vulnerability (CNVD-2025-19102)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an information disclosure vulnerability that stems from the /chart/data endpoint response containing underlying query information, which can be exploited by an attack...

CVSS 5.3 | AI score 6.3 | EPSS 0.00329
Exploits 0 | References 1

Microsoft CVE
added 2025/07/11 7:0 a.m., 6 views

pds_core: make wait_context part of q_info

...

CVSS 5.5 | AI score 7.6 | EPSS 0.00065
Exploits 0

RedhatCVE
added 2025/05/21 8:30 p.m., 8 views

CVE-2002-2032

sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php...

CVSS 5 | AI score 7.6 | EPSS 0.00032
Exploits 1 | References 1

Vulnrichment
added 2025/01/27 9:53 p.m., 6 views

CVE-2024-37526 IBM Watson Query on Cloud Pak for Data information disclosure

IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism...

CVSS 6.5 | AI score 6.2 | EPSS 0.00077
Exploits 0 | References 1

CNNVD
added 2023/07/24 12:0 a.m., 1 views

Linux kernel code issue vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation. A security vulnerability exists in the Linux kernel that stems from flaws in the handling of the SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands, which lack proper validation of pointers before they are...

CVSS 7.5 | AI score 7.1 | EPSS 0.00117
Exploits 0 | References 9

RedHat Linux
added 2022/11/15 11:38 a.m., 5 views

kernel: smb2_ioctl_query_info NULL pointer dereference

A denial of service (DoS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system...

CVSS 4.4 | AI score 6.6 | EPSS 0.00018
Exploits 0 | References 5

Tenable Nessus
added 2021/01/12 12:0 a.m., 165 views

KB4598243: Windows 10 Version 1607 and Windows Server 2016 January 2021 Security Update

The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Windows AppX Deployment Extensions Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1685. CVE-2021-1642 - Windows DNS Query Information Disclosure Vulnerability...

CVSS 9.8 | AI score 7.2 | EPSS 0.75972
Exploits 3 | References 56

OSV
added 2018/02/15 4:29 p.m., 3 views

CVE-2017-15352

Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improp...

CVSS 3.1 | AI score 5.8
Exploits 0 | References 1