165 matches found
CVE-2026-43377
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation When KSMBDDEBUGAUTH logging is enabled, generatesmb3signingkey and generatesmb3encryptionkey log the session, signing, encryption, and decryption key bytes. Remo...
PT-2026-39038
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description When KSMBD DEBUG AUTH logging is enabled, the functions generate smb3signingkey and generate smb3encryptionkey log session, signing, encryption, and decryption key bytes, which can lead ...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: smb3: fix for slab out of bounds on mount to ksmbd With KASAN enabled, it is possible to get a slab out of bounds during mount to ksmbd due to missing check in parseserverinterfaces see below: BUG: KASAN: slab-out-of-bounds in...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: smb3: A missing lock occurs when picking the channel. Coverity has identified a point where we should have held the channel lock when accessing the ses channel index. Address: 1582039 "Data race condition MISSINGLOCK"...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013573)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013573 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATENEGOTIATEINFO message Commit d5c7076b772a smb3: add smb3.1....
CLSA-2026-1773046198 kernel: Fix of 31 CVEs
smb3: fix for slab out of bounds on mount to ksmbd CVE-2025-38728 - netfilter: nftsetpipapo: clamp maximum map bucket size to INTMAX CVE-2025-38201 - ALSA: usb-audio: Validate UAC3 power domain descriptors, too CVE-2025-38729 - net: atm: fix /proc/net/atm/lec handling CVE-2025-38180 - tcpbpf:...
CLSA-2026-1772815097 Fix of 72 CVEs
CVE-2025-38699 - scsi: bfa: Double-free fix CVE-2025-38699 CVE-2025-38697 - jfs: upper bound check of tree index in dbAllocAG CVE-2025-38697 CVE-2025-39823 - KVM: x86: use arrayindexnospec with indices that come from guest CVE-2025-39823 CVE-2025-39689 - ftrace: Also allocate and copy hash for...
CLSA-2026-1771081379 kernel: Fix of 76 CVEs
HID: core: ensure the allocated report buffer can contain the reserved report ID CVE-2025-38495 - fs/proc: fix uaf in procreaddirde CVE-2025-40271 - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer CVE-2025-40269 - Bluetooth: ISO: Fix possible UAF on isoconnfree CVE-2025-40141 -...
CLSA-2026-1770040438 kernel: Fix of 14 CVEs
efivarfs: Fix slab-out-of-bounds in efivarfsdcompare CVE-2025-39817 - scsi: ses: Fix possible descptr out-of-bounds accesses CVE-2023-53675 - ipv6: Fix out-of-bounds access in ipv6findtlv CVE-2023-53705 - libceph: fix potential use-after-free in havemonandosdmap CVE-2025-68285 - scsi: lpfc: Fix...
CLSA-2026-1770028764 kernel: Fix of 14 CVEs
efivarfs: Fix slab-out-of-bounds in efivarfsdcompare CVE-2025-39817 - scsi: ses: Fix possible descptr out-of-bounds accesses CVE-2023-53675 - ipv6: Fix out-of-bounds access in ipv6findtlv CVE-2023-53705 - libceph: fix potential use-after-free in havemonandosdmap CVE-2025-68285 - scsi: lpfc: Fix...
SUSE CVE-2025-71151
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3reconfigure In smb3reconfigure, if smb3syncsessionctxpasswords fails, the function returns immediately without freeing and erasing the newly allocated newpassword and newpassword2. Thi...
CVE-2025-71151
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3reconfigure In smb3reconfigure, if smb3syncsessionctxpasswords fails, the function returns immediately without freeing and erasing the newly allocated newpassword and newpassword2. Thi...
CVE-2025-71151
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3reconfigure In smb3reconfigure, if smb3syncsessionctxpasswords fails, the function returns immediately without freeing and erasing the newly allocated newpassword and newpassword2. Thi...
CVE-2025-71151
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3reconfigure In smb3reconfigure, if smb3syncsessionctxpasswords fails, the function returns immediately without freeing and erasing the newly allocated newpassword and newpassword2. Thi...
CVE-2025-71151 cifs: Fix memory and information leak in smb3_reconfigure()
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3reconfigure In smb3reconfigure, if smb3syncsessionctxpasswords fails, the function returns immediately without freeing and erasing the newly allocated newpassword and newpassword2. Thi...
CVE-2025-71151
CVE-2025-71151 concerns the Linux kernel CIFS SMB3 reconfiguration path. In smb3_reconfigure(), when smb3_sync_session_ctx_passwords() fails, the function returns without freeing and erasing the newly allocated new_password and new_password2, causing a memory leak and potential information leak. ...
Linux Kernel Security Vulnerabilities
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the smb3reconfigure function not releasing the password buffer when it fails, potentially leading...
Linux Distros Unpatched Vulnerability : CVE-2025-71151
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3reconfigure In smb3reconfigure, if...
Linux Distros Unpatched Vulnerability : CVE-2023-53990
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SMB3: Add missing locks to protect deferred close file list cifsdeldeferredclose function has a critical section which modifies the deferred close file list. We...
cifs: fix memory leak in smb3_fs_context_parse_param error path
...