EUVD-2026-38297

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services AD CS certificate auto-enrollment via the vendored Samba client script internal/policies/certificate/python/vendorsamba/gp/gpcertautoenrollext.py, ADSys utilizes a plaintext...

PT-2026-51362

Name of the Vulnerable Software and Affected Versions Canonical ADSys versions prior to v0.16.3 Description An issue exists during Active Directory Certificate Services AD CS certificate auto-enrollment via the vendored Samba client script internal/policies/certificate/python/vendor samba/gp/gp...

Critical Photon OS Security Update - PHSA-2026-5.0-0886

Updates of 'nano', 'libsolv', 'samba-client' packages of Photon OS have been released...

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

SUSE CVE-2026-46139

In the Linux kernel, the following vulnerability has been resolved: smb: client: use kzalloc to zero-initialize security descriptor buffer Commit 62e7dd0a39c2d "smb: common: change the data type of numaces to le16" split struct smbacl's le32 numaces field into le16 numaces and le16 reserved. The...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb: client: prevented races in -queryinterfaces It was possible for two query interfaces to simultaneously attempt to update the interfaces. This issue can be avoided by checking and updating ifacelastupdate under ifacelock...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

A memory read flaw that is outside the safe bounds was discovered in receiveencryptedstandard in fs/smb/client/smb2ops.c, within the SMB Client sub-component of the Linux kernel. This issue arises due to an integer underflow occurring during the memcpy operation’s length calculation, resulting in...

UBUNTU-CVE-2026-43350

In the Linux kernel, the following vulnerability has been resolved: smb: client: require a full NFS mode SID before reading mode bits parsedacl treats an ACE SID matching sidunixNFSmode as an NFS mode SID and reads sid.subauth2 to recover the mode bits. That assumes the ACE carries three...

CVE-2026-43239

In the Linux kernel, the following vulnerability has been resolved: smb: client: prevent races in -queryinterfaces It was possible for two query interface works to be concurrently trying to update the interfaces. Prevent this by checking and updating ifacelastupdate under ifacelock...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: smb: client: fixed a memory leak in cifsconstructtcon When using a multiuser mount with domain= specified and cifscreds, cifssetcifscreds will set @ctx-domainname, so it needs to be freed before leaving cifsconstructtcon. This...

Linux Distros Unpatched Vulnerability : CVE-2026-31609

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: avoid double-free in smbdfreesendio after smbdsendbatchflush smbdsendbatchflush already calls smbdfreesendio, so we should not call it again after...

CVE-2026-23303 smb: client: Don't log plaintext credentials in cifs_set_cifscreds

In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifssetcifscreds When debug logging is enabled, cifssetcifscreds logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing...

kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length

In the Linux kernel, the following vulnerability has been resolved: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength This is inspired by the related server fixes...

CVE-2026-23230

In the Linux kernel, the following vulnerability has been resolved: smb: client: split cachedfid bitfields to avoid shared-byte RMW races isopen, haslease and onlist are stored in the same bitfield byte in struct cachedfid but are updated in different code paths that may run concurrently. Bitfiel...

Linux Distros Unpatched Vulnerability : CVE-2026-23230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: split cachedfid bitfields to avoid shared-byte RMW races isopen, haslease and onlist are stored in the same bitfield byte in struct cachedfid but a...

CVE-2021-27185

The samba-client package before 4.0.0 for Node.js allows command injection because of the use of process.exec...

CVE-1999-0179

Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share...

Critical Photon OS Security Update - PHSA-2025-4.0-0892

Updates of 'samba-client' packages of Photon OS have been released...

Linux Distros Unpatched Vulnerability : CVE-2025-39933

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: let recvdone verify dataoffset, datalength and remainingdatalength This is inspired by the related server fixes. CVE-2025-39933 Note that Nessus...

EUVD-1999-0179

Malware in sbrugna...