705 matches found
UBUNTU-CVE-2026-46155
In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...
CVE-2026-46185
In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in symlinkdata Since smb2checkmessage returns success without length validation for the symlink error response, in symlinkdata it is possible for iov-iovlen to be smaller than sizeofstruct...
CVE-2026-46155 smb/client: fix out-of-bounds read in smb2_compound_op()
In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...
EUVD-2026-32782
In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...
CVE-2026-45972
smb: client: fix potential UAF and double free in smb2openfile...
PT-2026-43839
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2 open file Zero out @err iov and @err buftype before retrying SMB2 open to prevent an UAF bug if @data != NULL, otherwise a double free...
Astra Linux - уязвимость в linux-5.15, linux-6.1
A issue was discovered in ksmbd within the Linux kernel before version 6.6.10. The smb2getdataarealen function in fs/smb/server/smb2misc.c can lead to an out-of-bounds access via smbstrndupfromutf16, due to improper handling of the relationship between the Name data and the CreateContexts data...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: smb/server: fixed a potential null-ptr-deref of leasectxinfo in smb2open A null-ptr-deref will occur when reqoplevel == SMB2OPLOCKLEVELLEASE and parseleasestate returns NULL. This issue can be fixed by checking whether...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fix for use-after-free in smb2lock. If smblock-zerolen has a value, the -llist of smblock is not deleted, and flock is an old version. This will cause a use-after-free during error handling routines...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ksmbd: The validation of the request buffer size was added in smb2allocaterspbuf. The response buffer should be allocated in smb2allocaterspbuf before validation of the request. However, fields within the payload as well as the...
Astra Linux - уязвимость в linux-5.15
A issue was discovered in the Linux kernel before version 6.3.4. ksmbd has a buffer overflow vulnerability in the smb2findcontextvals function, when the namelen of createcontext is larger than the length of the tag...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: fixed a bug in the trap function of smb2lock. If the lock count is greater than 1, the flags might contain an outdated value. This issue should be checked using the flags of smb Lock, not those of smb Lock. This could...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed an oops due to uninitialized variables in smb2unlink. If SMB2openinit or SMB2closeinit fails e.g., due to reconnection, the iovs structure @rqst may remain uninitialized. As a result, calling SMB2openfree,...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: smb: Client: Fixed a potential Use-after-Free UAF in smb2isvalidleasebreak. Skipped sessions that are being terminated status == SESEXITING to avoid UAF...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux
In the Linux kernel, the following vulnerabilities have been resolved: smb: client: fixed potential OOBs in smb2ParseContexts Validated offsets and lengths before dereferencing and creating contexts in smb2ParseContexts. This fixes the following OOPs when accessing invalid create contexts from th...
Astra Linux - уязвимость в linux-5.15
A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw occurs during the handling of SMB2LOGOFF commands. The issue arises from the lack of proper validation of a pointer before accessing it. An attacker can exploit this...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: A slab-out-of-bounds issue was fixed in smbstrndupfromutf16. If the -NameOffset of smb2createreq is smaller than the Buffer offset of smb2createreq, a slab-out-of-bounds read may occur from smb2open. This patch sets the...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: fixed a bug where a missing return value check was present. In the smb2sendinterimresp function, if ksmbdallocworkstruct fails to allocate a node, it returns a NULL pointer to the inwork pointer. This can lead to an...
SUSE CVE-2026-43378
In the Linux kernel, the following vulnerability has been resolved: smb: server: fix use-after-free in smb2open The opinfo pointer obtained via rcudereferencefp-fopinfo is dereferenced after rcureadunlock, creating a use-after-free window...
openSUSE 16 Security Update : wireshark (openSUSE-SU-2026:20685-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20685-1 advisory. This update for wireshark fixes the following issues - CVE-2026-3201: missing limit checks in USB HID protocol dissector's parsereportdescriptor...