Lucene search
K

80 matches found

Amazon
Amazon
added 2026/07/07 12:0 a.m.4 views

Low: cifs-utils

Issue Overview: No CVE associated with this advisory Affected Packages: cifs-utils Issue Correction: Run dnf update cifs-utils --releasever 2023.12.20260706 or dnf update --advisory ALAS2023-2026-1927 --releasever 2023.12.20260706 to update your system. More information on how to update your syst...

7.8CVSS5.9AI score0.0012EPSS
Exploits0
OSV
OSV
added 2026/07/05 12:5 p.m.9 views

RLSA-2026:32990 Important: cifs-utils security update

The SMB/CIFS protocol is a standard file sharing protocol widely deployed on Microsoft Windows machines. The cifs-utils packages contain tools for mounting shares on Linux using the SMB/CIFS protocol. The tools in this package work in conjunction with support in the kernel to allow one to mount a...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/07/05 12:5 p.m.5 views

cifs-utils security update

An update is available for cifs-utils. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The SMB/CIFS protocol is a standard file sharing protocol widely deployed...

7.8CVSS5.8AI score0.0012EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

RHEL 10 : cifs-utils (RHSA-2026:32990)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:32990 advisory. The SMB/CIFS protocol is a standard file sharing protocol widely deployed on Microsoft Windows machines. The cifs-utils packages contain tools for...

7.8CVSS5.7AI score0.0012EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/29 11:15 p.m.5 views

cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS6AI score0.0012EPSS
Exploits0References5
OSV
OSV
added 2026/06/18 4:16 a.m.5 views

DEBIAN-CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS6.1AI score0.0012EPSS
Exploits0References1
NVD
NVD
added 2026/06/18 4:16 a.m.19 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS0.0012EPSS
Exploits0References5
OSV
OSV
added 2026/06/18 4:16 a.m.5 views

UBUNTU-CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS6.1AI score0.0012EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/18 3:34 a.m.9 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS6AI score0.0012EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/18 3:34 a.m.16 views

EUVD-2026-37834

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/18 3:34 a.m.12 views

CVE-2026-12505 Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/18 3:34 a.m.29 views

CVE-2026-12505 Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS0.0012EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.12 views

Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7585-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7585-2 advisory. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls...

7.8CVSS7.8AI score0.00254EPSS
Exploits0References33
ATTACKERKB
ATTACKERKB
added 2026/06/01 4:22 p.m.14 views

CVE-2026-46243

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...

5.8AI score0.00353EPSS
Exploits4References9Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/01 4:22 p.m.13 views

CVE-2026-46243 smb: client: reject userspace cifs.spnego descriptions

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...

7.1CVSS5.8AI score0.00353EPSS
Exploits4References8
BDU FSTEC
BDU FSTEC
added 2026/06/01 12:0 a.m.3 views

The vulnerability of the cifs_get_spnego_key() function in the cifs.upcall tool of the cifs-utils package in Linux kernel allows a attacker to elevate their privileges to root and execute arbitrary code.

The vulnerability of the cifsgetspnegokey function in the cifs.upcall tool of the cifs-utils package in Linux kernel systems is related to the lack of authentication for the critical function. Exploiting this vulnerability can allow an attacker to elevate their privileges to root and execute...

8.8CVSS6AI score0.00353EPSS
Exploits4References22Affected Software12
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:4 a.m.13 views

openvswitch: cap upcall PID array size and pre-size vport replies

...

7CVSS5.4AI score0.00117EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/27 12:57 p.m.13 views

SUSE CVE-2026-45840

In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...

6.5CVSS5.9AI score0.00117EPSS
Exploits0References12
CVE
CVE
added 2026/05/27 12:18 p.m.31 views

CVE-2026-45983

In CVE-2026-45983, the Linux kernel NFS server (nfsd) vulnerability stems from idmap lookup upcalls during v4 request decoding: if upcall responses are delayed beyond the time limit, cache_check() postpones the request and it gets dropped, causing NFSD4_SLOT_INUSE to block subsequent SEQUENCE ope...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2026/05/27 12:15 p.m.27 views

CVE-2026-45870

CVE-2026-45870 affects the Linux kernel’s SUNRPC auth_gss path. The issue is memory leaks in XDR decoding error paths caused by gssx_dec_ctx(), gssx_dec_status(), and gssx_dec_name() allocating buffers via gssx_dec_buffer()/kmemdup() and returning on error without freeing previously allocated mem...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder