1853 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: smb3: Fixed temporary data corruption during the insert range operation. The insert range does not discard the affected cached data; therefore, there is a risk of temporarily corrupting file data. Some minor optimizations were...
Astra Linux – Vulnerability in Linux 5.15
A use-after-free flaw was discovered in the smb2isstatusiotimeout function in CIFS within the Linux kernel. After CIFS transfers response data via a system call, there are still local variables pointing to the memory region. If the system call frees those pointers faster than CIFS uses them, CIFS...
Astra Linux – Vulnerability in Linux 5.15
A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw occurs during the handling of the SMB2TREECONNECT and SMB2QUERYINFO commands. The issue arises from the lack of proper validation of a pointer before accessing it. An...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: cifs: fixed a small mempool leak in SMB2negotiate. In some cases of failures dialect mismatches in SMB2negotiate, after the request is sent, the checks would return -EIO. Instead, it should return rc = -EIO and then jump to negex...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: cifs: fixed an oops during encryption When running xfstests against Azure, the following oops occurred on an arm64 system: Unable to handle kernel writes to read-only memory at virtual address ffff0001221cf000 Mem abort info:...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: cifs: fixed a double-free race that occurs when the mount operation fails in cifsgetroot When cifsgetroot fails during cifssmb3domount, we call deactivatelockedsuper, which will eventually call delayedfree, which frees the...
Astra Linux – Vulnerability in Samba
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions, when the Samba VFS module “aclxattr” is configured with “aclxattr:ignore system acls = yes”. The SMB protocol allows opening files when the client requests read-only...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed issues with OOBs during the construction of SMB2IOCTL requests. When encryption is used, whether enforced by the server or when the ‘seal’ mount option is used, the client will squash all compound request buffe...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: fixed a UAF in smb20oplockbreakack. removed references after using opinfo...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: smb: client: Fixed a use-after-free in cifsfilldirent. There is a race condition in the readdir concurrency process, which may access the rsp buffer after it has been released, triggering the following KASAN warning...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Do not log keys during SMB3 signing and encryption key generation. When the KSMBDDEBUGAUTH logging option is enabled, the functions generatesmb3signingkey and generatesmb3encryptionkey log the bytes of the session, signing...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: When a multichannel SMB2SESSIONSETUP request with SMB2SESSIONREQFLAGBINDING fails, ksmbd sets conn-binding = true, but never clears this value during the error path. As a result, the connection remains in a binding state,...
Astra Linux – Vulnerability in Samba
A flaw was discovered in the way Samba implemented SMB1 authentication. An attacker could exploit this flaw to retrieve the plain-text password sent over the network, even if Kerberos authentication was required...
Astra Linux – Vulnerability in Linux 6.1
A out-of-bounds read vulnerability was discovered in smb2dumpdetail in the fs/smb/client/smb2ops.c file within the Linux kernel. This issue could allow a local attacker to crash the system or leak internal kernel information...
Astra Linux – Vulnerability in Linux 5.15
A issue was discovered in the Linux kernel before version 6.3.8. In the file fs/smb/server/connection.c of ksmbd, the relationship between the length field of the NetBIOS header and the sizes of the SMB headers is not validated, as handled through the pdudsize function in ksmbdconnhandlerloop. Th...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: smb: client: The system now validates the entire DACL before rewriting it using cifsacl. The functions buildsecdesc and idmodetocifsacl derive a pointer to the DACL from a dacloffset provided by the server. They then use the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed the directory separator in SMB1 UNIX mounts. When calling cifsmountgettcon with SMB1 UNIX mounts, @cifssb-mntcifsflags needs to be read or updated only after calling resetcifsunixcaps. Otherwise, the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: smb: Client: Avoid double-free operations in smbdfreesendio after smbdsendbatchflush. smbdsendbatchFlush already calls smbdfreesendio; therefore, we should not call it again after smbdpostsend. It has been moved to the batch...
CVE-2026-48818
A flaw was found in Starlette, a lightweight ASGI framework. On Windows systems, the StaticFiles component is vulnerable to Server-Side Request Forgery SSRF. A remote attacker can exploit this by providing a specially crafted Universal Naming Convention UNC path, which causes the system to initia...
kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions
A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...