CVE-2026-31708

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB read in smb2ioctlqueryinfo QUERYINFO path smb2ioctlqueryinfo has two response-copy branches: PASSTHRUFSCTL and the default QUERYINFO path. The QUERYINFO branch clamps qi.inputbufferlength to the server-report...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013496)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013496 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: prevent bad output lengths in smb2ioctlqueryinfo When calling smb2ioctlqueryinfo with...

Siemens SIMATIC Devices Out-of-bounds Write (CVE-2024-50151)

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOBs when building SMB2IOCTL request When using encryption, either enforced by the server or when using 'seal' mount option, the client will squash all compound request buffers down for encryption into a single i...

UBUNTU-CVE-2022-49271

In the Linux kernel, the following vulnerability has been resolved: cifs: prevent bad output lengths in smb2ioctlqueryinfo When calling smb2ioctlqueryinfo with smbqueryinfo::flags=PASSTHRUFSCTL and smbqueryinfo::outputbufferlength=0, the following would return 0x10 buffer = memdupuserarg +...

CVE-2022-49271

CVE-2022-49271 affects the Linux kernel CIFS/SMB2 code. When smb2_ioctl_query_info() is called with flags=PASSTHRU_FSCTL and output_buffer_length=0, the kernel could copy a bad pointer (buffer) and end up dereferencing NULL, potentially leading to a NULL pointer dereference. The fix also ensures ...

AZL-53733 CVE-2024-50151 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOBs when building SMB2IOCTL request When using encryption, either enforced by the server or when using 'seal' mount option, the client will squash all compound request buffers down for encryption into a single i...

kernel: smb2_ioctl_query_info NULL pointer dereference

A denial of service DOS issue was found in the Linux kernel’s smb2ioctlqueryinfo function in the fs/cifs/smb2ops.c Common Internet File System CIFS due to an incorrect return from the memdupuser function. This flaw allows a local, privileged CAPSYSADMIN attacker to crash the system...

kernel: smb2_ioctl_query_info NULL pointer dereference

A denial of service DOS issue was found in the Linux kernel’s smb2ioctlqueryinfo function in the fs/cifs/smb2ops.c Common Internet File System CIFS due to an incorrect return from the memdupuser function. This flaw allows a local, privileged CAPSYSADMIN attacker to crash the system...

A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local privileged (CAP_SYS_ADMIN) attacker to crash the system.

...