Lucene search
+L

731 matches found

redhat
redhat
added 2026/07/08 6:13 a.m.4 views

kernel: smb/client: fix out-of-bounds read in smb2_compound_op()

A flaw was found in the Linux kernel's Server Message Block SMB client. A remote attacker, acting as a malicious SMB server, could send a specially crafted, truncated response with an oversized buffer length. This could lead to an out-of-bounds read in the smb2compoundop function, allowing the...

9.1CVSS6.1AI score0.00478EPSS
Exploits0References5
almalinux
almalinux
added 2026/07/06 12:0 a.m.20 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: fs/smb/client: fix out-of-bounds read in cifssanitizeprepath CVE-2026-43112 kernel: net: mana: Fix double destroyworkqueue on service rescan PCI path CVE-2026-43276 kernel: Linux kernel:...

9.3CVSS6.6AI score0.0053EPSS
Exploits2References24
redhatcve
redhatcve
added 2026/06/26 9:59 a.m.7 views

CVE-2026-53271

A flaw was found in the ksmbd component of the Linux kernel. A remote attacker could exploit a NULL-dereference vulnerability in the oplock/lease break notifiers. This occurs because opinfo-conn is read without proper checks, allowing a concurrent Server Message Block SMB2 LOGOFF to set op-conn t...

5.5CVSS5.8AI score0.00119EPSS
Exploits0References4
nvd
nvd
added 2026/06/25 9:16 a.m.6 views

CVE-2026-53198

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of a deferred filelock on double SMB2CANCEL A deferred byte-range lock an SMB2LOCK that blocks registers an async work on conn-asyncrequests via setupasyncwork, with cancelfn = smb2removeblockedlock and...

8.8CVSS0.00466EPSS
Exploits0References6
osv
osv
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53198

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of a deferred filelock on double SMB2CANCEL A deferred byte-range lock an SMB2LOCK that blocks registers an async work on conn-asyncrequests via setupasyncwork, with cancelfn = smb2removeblockedlock and...

8.8CVSS5.6AI score0.00466EPSS
Exploits0References9
cvelist
cvelist
added 2026/06/25 8:39 a.m.32 views

CVE-2026-53198 ksmbd: fix use-after-free of a deferred file_lock on double SMB2_CANCEL

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of a deferred filelock on double SMB2CANCEL A deferred byte-range lock an SMB2LOCK that blocks registers an async work on conn-asyncrequests via setupasyncwork, with cancelfn = smb2removeblockedlock and...

8.8CVSS0.00466EPSS
Exploits0References6
nessus
nessus
added 2026/06/25 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-53010

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix use-after-free in smb2open during durable reconnect In smb2open, the call to ksmbdputdurablefdfp drops the reference to the durable file descriptor...

9.8CVSS6AI score0.00435EPSS
Exploits0References3
euvd
euvd
added 2026/06/24 6:32 p.m.5 views

EUVD-2026-38878

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb2open during durable reconnect In smb2open, the call to ksmbdputdurablefdfp drops the reference to the durable file descriptor early during the durable reconnect process. If an error occurs...

5.7AI score0.00435EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.13 views

PT-2026-51904

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb2 open during durable reconnect In smb2 open, the call to ksmbd put durable fdfp drops the reference to the durable file descriptor early during the durable reconnect process. If an error occurs...

9.8CVSS5.7AI score0.00435EPSS
Exploits0References5
astralinux
astralinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.15

A issue was discovered in ksmbd within the Linux kernel versions 5.15 through 5.19, prior to 5.19.2. There is an out-of-bounds read and an OOPS error for SMB2write, when a large length is present in the zero DataOffset case. source-iocs-preserved const=SMB2WRITE...

8.1CVSS6.7AI score0.03503EPSS
Exploits0References2
astralinux
astralinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux 5.15

A issue was discovered in ksmbd within the Linux kernel versions 5.15 through 5.19, prior to 5.19.2. The file fs/ksmbd/smb2pdu.c contains a use-after-free condition and an OOPS error related to SMB2TREEDISCONNECT...

9.8CVSS6.8AI score0.46428EPSS
Exploits0References2
astralinux
astralinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.15

A issue was discovered in ksmbd within the Linux kernel versions 5.15 through 5.19, prior to 5.19.2. The file fs/ksmbd/smb2misc.c contains an out-of-bounds read and an OOPS error related to the SMB2TREECONNECT function...

6.5CVSS6.8AI score0.58461EPSS
Exploits0References2
astralinux
astralinux
added 2026/06/19 11:10 a.m.16 views

Astra Linux – Vulnerability in Linux 5.15

A issue was discovered in ksmbd within the Linux kernel versions 5.15 through 5.18, prior to 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case of smb2write...

8.1CVSS6.7AI score0.01393EPSS
Exploits0References2
nessus
nessus
added 2026/06/18 12:0 a.m.9 views

Siemens RUGGEDCOM RST2428P Infinite Loop (CVE-2026-23220)

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix infinite loop caused by nextsmb2rcvhdroff reset in error paths The problem occurs when a signed request fails smb2 signature verification check. In processrequest, if checksignreq returns an error, setsmb2rspstatuswork...

5.5CVSS5.9AI score0.00118EPSS
Exploits0References3
osv
osv
added 2026/05/28 10:16 a.m.7 views

UBUNTU-CVE-2026-46155

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...

9.1CVSS5.7AI score0.00478EPSS
Exploits0References12
attackerkb
attackerkb
added 2026/05/28 9:36 a.m.11 views

CVE-2026-46185

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in symlinkdata Since smb2checkmessage returns success without length validation for the symlink error response, in symlinkdata it is possible for iov-iovlen to be smaller than sizeofstruct...

9.1CVSS5.8AI score0.00513EPSS
Exploits0References7Affected Software1
euvd
euvd
added 2026/05/28 9:36 a.m.20 views

EUVD-2026-32782

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...

5.8AI score0.00478EPSS
Exploits0References5
cvelist
cvelist
added 2026/05/28 9:36 a.m.41 views

CVE-2026-46155 smb/client: fix out-of-bounds read in smb2_compound_op()

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...

9.1CVSS0.00478EPSS
Exploits0References5
osv
osv
added 2026/05/28 9:36 a.m.3 views

CVE-2026-46155 smb/client: fix out-of-bounds read in smb2_compound_op()

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...

9.1CVSS6.6AI score0.00478EPSS
Exploits0References8
osv
osv
added 2026/05/27 12:18 p.m.1 views

CVE-2026-45972 smb: client: fix potential UAF and double free in smb2_open_file()

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2openfile Zero out @erriov and @errbuftype before retrying SMB2open to prevent an UAF bug if @data != NULL, otherwise a double free...

9.8CVSS6.6AI score0.00333EPSS
Exploits0References12
Rows per page
Query Builder