Lucene search
+L

212 matches found

nvd
nvd
added 4 days ago8 views

CVE-2026-59260

OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass arbitrary Samba global options such as message command to a root smbd process,...

8.8CVSS0.00714EPSS
Exploits0References2
cvelist
cvelist
added 4 days ago27 views

CVE-2026-59260 OpenWrt luci-app-samba4 read ACL remote code execution via smbd

OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass arbitrary Samba global options such as message command to a root smbd process,...

8.8CVSS0.00714EPSS
Exploits0References2
cve
cve
added 4 days ago21 views

CVE-2026-59260

OpenWrt luci-app-samba4 contains an ACL misconfiguration that grants file.exec permission on /usr/sbin/smbd. This allows authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments, enabling remote code execution via the SMB processing path. The vulnera...

8.8CVSS6.3AI score0.00714EPSS
Exploits0References2
ptsecurity
ptsecurity
added 4 days ago10 views

PT-2026-57557

Name of the Vulnerable Software and Affected Versions luci-app-samba4 affected versions not specified Description An issue in the read Access Control List ACL grants file.exec permission on /usr/sbin/smbd. This allows authenticated delegated users to execute the Samba daemon with command-line...

8.8CVSS6.3AI score0.00714EPSS
Exploits0References7
debiancve
debiancve
added 2026/06/25 8:39 a.m.6 views

CVE-2026-53198

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of a deferred filelock on double SMB2CANCEL A deferred byte-range lock an SMB2LOCK that blocks registers an async work on conn-asyncrequests via setupasyncwork, with cancelfn = smb2removeblockedlock and...

8.8CVSS5.6AI score0.00466EPSS
Exploits0
astralinux
astralinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The socket is closed after it has been accepted, even when the per-IP limit is exceeded and a connection attempt fails. When the per-IP connection limit is exceeded in ksmbdkthreadfn, the code sets ret to -EAGAIN and...

5.9AI score0.00162EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.15 views

PT-2026-51940

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the ksmbd crypt message function when using asynchronous hardware crypto engines, such as the Qualcomm Crypto Engine QCE. The function sets a NULL...

9.8CVSS5.8AI score0.00531EPSS
Exploits0References10
samba
samba
added 2026/05/26 12:0 a.m.10 views

Missing access checks on reparse point

Description Starting with Samba 4.21, users can create and delete NTFS-style reparse points https://en.wikipedia.org/wiki/NTFSreparsepoint via the SMB protocol. The Reparse Point Metadata is stored in an extended attribute named "user.SmbReparse" together with the FILEATTRIBUTEREPARSEPOINT bit in...

5.8AI score
Exploits0
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: A mechToken leak was fixed when the SPNEGO decoding failed after the token allocation. The kernel’s ASN.1 BER decoder calls action callbacks incrementally as it processes the input. When ksmbddecodenegTokenInit reaches the...

5.5CVSS6AI score0.00136EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Samba

A flaw was discovered in Samba. The Samba smbd file server must map Windows group identities SIDs to Unix group IDs gids. The code responsible for this mapping contained a flaw that could allow it to read data beyond the end of the array, in the event that a negative cache entry was added to the...

6.8CVSS6.6AI score0.01616EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: The function ipcvalidatemsg now validates the response sizes. This function calculates the expected message size for each response type by adding or multiplying attacker-controlled fields from the daemon’s response to a...

7.1CVSS6AI score0.00125EPSS
Exploits0References1
osv
osv
added 2026/05/15 3:44 p.m.23 views

CLSA-2026-1778859875 samba: Fix of CVE-2025-0620

Fix CVE-2025-0620: smbd doesn't pick up group membership changes when re-authenticating an expired SMB session...

4.9CVSS5.8AI score0.00616EPSS
Exploits0References1
euvd
euvd
added 2026/05/08 3:31 p.m.12 views

EUVD-2026-28682

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free by using callrcu for oplockinfo ksmbd currently frees oplockinfo immediately using kfree, even though it is accessed under RCU read-side critical sections in places like opinfoget and procshowfiles. Sinc...

5.8AI score0.00444EPSS
Exploits0References6
susecve
susecve
added 2026/04/25 1:38 a.m.8 views

SUSE CVE-2026-31609

In the Linux kernel, the following vulnerability has been resolved: smb: client: avoid double-free in smbdfreesendio after smbdsendbatchflush smbdsendbatchflush already calls smbdfreesendio, so we should not call it again after smbdpostsend moved it to the batch list...

8.1CVSS5.4AI score0.00457EPSS
Exploits0References3
nvd
nvd
added 2026/04/24 3:16 p.m.8 views

CVE-2026-31609

In the Linux kernel, the following vulnerability has been resolved: smb: client: avoid double-free in smbdfreesendio after smbdsendbatchflush smbdsendbatchflush already calls smbdfreesendio, so we should not call it again after smbdpostsend moved it to the batch list...

9.8CVSS0.00457EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/04/24 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from repeated calls to smbdfreesendio after smbdsendbatchflush, resulting in double releases of...

9.8CVSS5.8AI score0.00457EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/24 12:0 a.m.11 views

PT-2026-34961

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double-free issue exists in the SMB client. The function smbd send batch flush already invokes smbd free send io, leading to a second call to smbd free send io after smbd post send mov...

9.8CVSS5.8AI score0.00525EPSS
Exploits1References316
zdi
zdi
added 2026/03/17 12:0 a.m.10 views

(Pwn2Own) QNAP TS-453E smbd domain_name Argument Injection Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP TS-453E devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of of the domainname parameter. The issue results from the la...

6.3CVSS7.2AI score0.00792EPSS
Exploits0References1
astralinux
astralinux
added 2026/03/03 9:29 a.m.9 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: smb: Client: Fixed the smbdirectrecvio leak in the smbdnegotiate error path. During tests of another unrelated patch, I was able to trigger this error: Objects remaining on kmemcacheshutdown...

5.5CVSS6.4AI score0.00137EPSS
Exploits0References2
cve
cve
added 2026/02/14 4:27 p.m.28 views

CVE-2025-71223

CVE-2025-71223 affects the Linux kernel's ksmbd SMB server path (smb2_open and ksmbd_vfs_getattr). The issue is a refcount leak when ksmbd_vfs_getattr() fails, potentially causing resource leakage and local impact. A kernel update fixing the refcount leak is provided by the referenced advisories ...

5.5CVSS5.2AI score0.00122EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder