Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Validating the session ID and tree ID in compound requests. The function smb2getmsg in smb2getksmbdtcon and smb2checkusersession always returns the first command in a compound request’s header. If SMB2TREECONNECTHE is the...

EUVD-2026-28684

In the Linux kernel, the following vulnerability has been resolved: smb: server: fix use-after-free in smb2open The opinfo pointer obtained via rcudereferencefp-fopinfo is dereferenced after rcureadunlock, creating a use-after-free window...

CVE-2026-43378

In the Linux kernel, the following vulnerability has been resolved: smb: server: fix use-after-free in smb2open The opinfo pointer obtained via rcudereferencefp-fopinfo is dereferenced after rcureadunlock, creating a use-after-free window...

CVE-2026-43362

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2write SMB2write places write payload in iov1..n as part of rqiov. smb3inittransformrq pointer-shares rqiov, so cryptmessage encrypts iov1 in-place, replacing the original...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a corruption in the on-the-fly encryption process in the SMB2write function. This vulnerability may cau...

CVE-2026-31717

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any authenticated user to...

CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any authenticated user to...

UBUNTU-CVE-2026-23282

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix oops due to uninitialised var in smb2unlink If SMB2openinit or SMB2closeinit fails e.g. reconnect, the iovs set @rqst will be left uninitialised, hence calling SMB2openfree, SMB2closefree or smb2setrelated on the...

CVE-2023-54203

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in initsmb2rsphdr When smb1 mount fails, KASAN detect slab-out-of-bounds in initsmb2rsphdr like the following one. For smb1 negotiate56bytes , initsmb2rsphdr for smb2 is called. The issue occurs whil...

CVE-2025-68226

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix incomplete backport in cfidsinvalidationworker The previous commit bdb596ceb4b7 "smb: client: fix potential UAF in smb2closecachedfid" was an incomplete backport and missed one krefput call in...

PT-2025-49387

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A memory leak exists in the Linux kernel's SMB server, specifically within the smb2 read function when ksmbd vfs read fails. This occurs due to a missing kvfree call, leading to potentia...

DEBIAN-CVE-2025-57632

libsmb2 6.2+ is vulnerable to Buffer Overflow. When processing SMB2 chained PDUs NextCommand, libsmb2 repeatedly calls smb2addiovector to append to a fixed-size iovec array without checking the upper bound of v-niov SMB2MAXVECTORS=256. An attacker can craft responses with many chained PDUs to...

CVE-2023-53358 ksmbd: fix racy issue under cocurrent smb2 tree disconnect

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue under cocurrent smb2 tree disconnect There is UAF issue under cocurrent smb2 tree disconnect. This patch introduce TREECONNEXPIRE flags for tcon to avoid cocurrent access...

DEBIAN-CVE-2023-3867

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds read in smb2sesssetup ksmbd does not consider the case of that smb2 session setup is in compound request. If this is the second payload of the compound, OOB read issue occurs while processing the first...

CVE-2023-3866 ksmbd: validate session id and tree id in the compound request

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in the compound request This patch validate session id and tree id in compound request. If first operation in the compound is SMB2 ECHO request, ksmbd bypass session and tree validation. So...

CVE-2023-3865 ksmbd: fix out-of-bound read in smb2_write

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bound read in smb2write ksmbdsmb2checkmessage doesn't validate hdr-NextCommand. If -NextCommand is bigger than Offset + Length of smb2 write, It will allow oversized smb2 write length. It will cause OOB read in...

UBUNTU-CVE-2023-32256

A flaw was found in the Linux kernel's ksmbd component. A race condition between smb2 close operation and logoff in multichannel connections could result in a use-after-free issue...

PT-2026-8177

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's smb/server component within the create smb2 pipe function. Specifically, if the ksmbd iov pin rsp function fails, the ksmbd session rpc close function...

UBUNTU-CVE-2024-53179

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free of signing key Customers have reported use-after-free in @ses-authkey.response with SMB2.1 + sign mounts which occurs due to following race: task A task B cifsmount dfsmountshare getsession...

kernel: smb: client: fix use-after-free in smb2_query_info_compound()

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in smb2queryinfocompound The following UAF was triggered when running fstests generic/072 with KASAN enabled against Windows Server 2022 and mount options...