Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: The issue related to “slab-use-after-free” in smb3preauthhashrsp has been fixed. The function ksmbdusersessionput should be called under smb3preauthhashrsp. This will prevent freeing a session before calling...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The UAF issue in ksmbdtcpnewconnection has been fixed. The race that occurs is between the process of handling a new TCP connection and its disconnection. This causes a UAF error in the struct tcptransport structure within...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed a use-after-free issue in Kerberos authentication. The introduction of sess-user = NULL was necessary to fix the dangling pointer created by ksmbdfreeuser. However, it is possible that another thread might be...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: A potential out-of-bounds error has been fixed when the buffer offset is invalid. I identified a potential out-of-bounds situation when the buffer offset fields of several requests are invalid. This patch sets the minimum...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fix for a use-after-free in smb2lock. If smblock-zerolen has a value, the -llist of smblock is not deleted, and flock is an old version. This could lead to a use-after-free during error handling routines...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: A possible reference count leak in smb2open has been fixed. The reference count of ACLs will cause a leak when memory allocation fails. This issue has been addressed by adding the missing posixaclrelease function...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: It is required that 3 sub-authorities are present before reading subauth2. parsedacl compares each ACE SID against sidunixNFSmode. When a match is found, it reads sid.subauth2 as the file mode. If sidunixNFSmode represents...

CVE-2026-43379

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smblazyparentleasebreakclose opinfo pointer obtained via rcudereferencefp-fopinfo is being accessed after rcureadunlock has been called. This creates a race condition where the memory could be freed b...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The reference count leak in smbcheckpermdacl has been fixed. The issue occurs in a specific part of smbcheckpermdacl. When “id” and “uid” have the same value, the function simply jumps out of the loop without decrementing...

Astra Linux – Vulnerability in Linux 5.15

A flaw was discovered in the ksmbd component of the Linux kernel. A race condition between the smb2 close operation and logoff in multi-channel connections could lead to a use-after-free issue...

CVE-2026-31718

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbdclosefd via durable scavenger When a durable file handle survives session disconnect TCP close without SMB2LOGOFF, sessionfdcheck sets fp-conn = NULL to preserve the handle for later reconnection...

CVE-2026-31611

CVE-2026-31611 affects the Linux kernel's ksmbd path. The flaw occurs in parse_dacl() when comparing ACE SIDs to sid_unix_NFS_mode and subsequently reading sid.sub_auth[2] as the file mode. If the SID has only two sub-authorities, an ACE placed at the end of the ACL can cause sid.sub_auth[2] to r...

ksmbd: do not expire session on binding failure

...

CVE-2026-31410

A flaw was found in ksmbd in the Linux kernel. This vulnerability occurs because ksmbd incorrectly uses a fallback identifier when a volume's Universal Unique Identifier UUID is not available in FSOBJECTIDINFORMATION. This could lead to improper volume identification...

ksmbd: Compare MACs in constant time

...

ROS-20260121-73-0032

A vulnerability in the ksmbd component of the Linux operating system kernel is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability may allow an attacker to gain access to sensitive data and also cause a denial of service...

ksmbd: vfs: fix race on m_flags in vfs_cache

...

PT-2026-6163

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A flaw exists in the Linux kernel's ksmd and smbd components related to the dma unmap sg function. The issue arises because dma unmap sg is called with an incorrect number of segments,...

PT-2025-51659

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's ksmbd module where a socket is leaked when the per-IP connection limit is exceeded during connection attempts. Specifically, when ksmbd kthread fn...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990603)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990603 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uncleared server-smbdconn in reconnect In smbddestroy, clear the...