Lucene search
K

1853 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/28 9:36 a.m.17 views

CVE-2026-46195

In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before building DACL pointers parsesecdesc, buildsecdesc, and the chown path in idmodetocifsacl all add the server-supplied dacloffset to pntsd before proving a DACL header fits inside the returne...

9.8CVSS5.8AI score0.00675EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2026/05/28 9:36 a.m.14 views

CVE-2026-46195

In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before building DACL pointers parsesecdesc, buildsecdesc, and the chown path in idmodetocifsacl all add the server-supplied dacloffset to pntsd before proving a DACL header fits inside the returne...

9.8CVSS5.7AI score0.00675EPSS
Exploits0
CVE
CVE
added 2026/05/28 9:36 a.m.109 views

CVE-2026-46195

The CVE-2026-46195 entry concerns a Linux kernel SMB client vulnerability. 32-bit servers can supply a crafted dacloffset that wraps a DACL pointer, allowing dereferencing of DACL fields during chmod/chown if validated only after pointer arithmetic. The flaw occurs in parse_sec_desc(), build_sec_...

9.8CVSS5.8AI score0.00675EPSS
Exploits0References13Affected Software1
Cvelist
Cvelist
added 2026/05/28 9:36 a.m.32 views

CVE-2026-46185 smb/client: fix out-of-bounds read in symlink_data()

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in symlinkdata Since smb2checkmessage returns success without length validation for the symlink error response, in symlinkdata it is possible for iov-iovlen to be smaller than sizeofstruct...

9.1CVSS0.00513EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/05/28 9:36 a.m.12 views

CVE-2026-46155

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...

9.1CVSS5.7AI score0.00478EPSS
Exploits0
EUVD
EUVD
added 2026/05/28 9:36 a.m.19 views

EUVD-2026-32782

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...

5.8AI score0.00478EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/28 9:35 a.m.29 views

CVE-2026-46139 smb: client: use kzalloc to zero-initialize security descriptor buffer

In the Linux kernel, the following vulnerability has been resolved: smb: client: use kzalloc to zero-initialize security descriptor buffer Commit 62e7dd0a39c2d "smb: common: change the data type of numaces to le16" split struct smbacl's le32 numaces field into le16 numaces and le16 reserved. The...

0.00122EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/28 9:35 a.m.8 views

CVE-2026-46139

In the Linux kernel, the following vulnerability has been resolved: smb: client: use kzalloc to zero-initialize security descriptor buffer Commit 62e7dd0a39c2d "smb: common: change the data type of numaces to le16" split struct smbacl's le32 numaces field into le16 numaces and le16 reserved. The...

5.5CVSS5.8AI score0.00122EPSS
Exploits0
CVE
CVE
added 2026/05/28 9:35 a.m.26 views

CVE-2026-46139

CVE-2026-46139 covers the Linux kernel SMB client: when building an ACL descriptor in build_sec_desc(), a kzalloc-based allocation fix was introduced to zero-initialize the security descriptor buffer, replacing a previous kmalloc path. The change splits struct smb_acl's __le32 num_aces into __le1...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/28 8:47 a.m.11 views

kernel: smb: client: validate the whole DACL before rewriting it in cifsacl

A flaw was found in the Linux kernel's Server Message Block SMB client, specifically within the cifsacl functionality. A malicious SMB server could provide a malformed Discretionary Access Control List DACL that claims to contain more Access Control Entries ACEs than are actually present. This...

8.8CVSS5.8AI score0.00259EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/28 3:55 a.m.12 views

SUSE CVE-2026-45972

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2openfile Zero out @erriov and @errbuftype before retrying SMB2open to prevent an UAF bug if @data != NULL, otherwise a double free...

9.8CVSS5.8AI score0.00333EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.8 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the uninitialized zeroed security descriptor buffer in the smb client. This vulnerability may allow...

5.9AI score0.00122EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.22 views

PT-2026-44278

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the smb2 compound op function. This occurs when a server sends a truncated response with a large OutputBufferLength and terminates the EA list early. In...

9.1CVSS5.9AI score0.00478EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of validation of the dacloffset value in the smb client. Malicious servers can return a...

9.8CVSS5.8AI score0.00675EPSS
Exploits0References5
OSV
OSV
added 2026/05/28 12:0 a.m.20 views

ALSA-2026:21745 Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Bluetooth: MGMT: Fix possible UAFs CVE-2025-39981 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr...

9.4CVSS6AI score0.00514EPSS
Exploits0References38
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.15 views

PT-2026-44308

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the symlink data function. This occurs because smb2 check message returns success without validating the length for the symlink error response...

9.1CVSS6.1AI score0.00513EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-45972

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2openfile Zero out @erriov and...

9.8CVSS6.5AI score0.00333EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/27 10:47 p.m.15 views

CVE-2026-45972

A flaw was found in the Linux kernel's Server Message Block SMB client. This vulnerability, within the smb2openfile function, could allow an attacker to cause memory corruption due to improper handling of memory during file open operations. This could lead to system instability or potentially...

9.8CVSS6AI score0.00333EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/27 3:33 p.m.12 views

EUVD-2026-32256

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2openfile Zero out @erriov and @errbuftype before retrying SMB2open to prevent an UAF bug if @data != NULL, otherwise a double free...

5.8AI score0.00333EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/05/27 12:18 p.m.8 views

CVE-2026-45972

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2openfile Zero out @erriov and @errbuftype before retrying SMB2open to prevent an UAF bug if @data != NULL, otherwise a double free...

9.8CVSS5.7AI score0.00333EPSS
Exploits0
Rows per page
Query Builder