80 matches found
Low: cifs-utils
Issue Overview: No CVE associated with this advisory Affected Packages: cifs-utils Issue Correction: Run dnf update cifs-utils --releasever 2023.12.20260706 or dnf update --advisory ALAS2023-2026-1927 --releasever 2023.12.20260706 to update your system. More information on how to update your syst...
RLSA-2026:32990 Important: cifs-utils security update
The SMB/CIFS protocol is a standard file sharing protocol widely deployed on Microsoft Windows machines. The cifs-utils packages contain tools for mounting shares on Linux using the SMB/CIFS protocol. The tools in this package work in conjunction with support in the kernel to allow one to mount a...
cifs-utils security update
An update is available for cifs-utils. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The SMB/CIFS protocol is a standard file sharing protocol widely deployed...
RHEL 10 : cifs-utils (RHSA-2026:32990)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:32990 advisory. The SMB/CIFS protocol is a standard file sharing protocol widely deployed on Microsoft Windows machines. The cifs-utils packages contain tools for...
cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall
A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...
DEBIAN-CVE-2026-12505
A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...
CVE-2026-12505
A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...
UBUNTU-CVE-2026-12505
A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...
CVE-2026-12505
A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...
EUVD-2026-37834
A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...
CVE-2026-12505 Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall
A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...
CVE-2026-12505 Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall
A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...
Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7585-2)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7585-2 advisory. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls...
CVE-2026-46243
In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...
CVE-2026-46243 smb: client: reject userspace cifs.spnego descriptions
In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...
The vulnerability of the cifs_get_spnego_key() function in the cifs.upcall tool of the cifs-utils package in Linux kernel allows a attacker to elevate their privileges to root and execute arbitrary code.
The vulnerability of the cifsgetspnegokey function in the cifs.upcall tool of the cifs-utils package in Linux kernel systems is related to the lack of authentication for the critical function. Exploiting this vulnerability can allow an attacker to elevate their privileges to root and execute...
openvswitch: cap upcall PID array size and pre-size vport replies
...
SUSE CVE-2026-45840
In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...
CVE-2026-45983
In CVE-2026-45983, the Linux kernel NFS server (nfsd) vulnerability stems from idmap lookup upcalls during v4 request decoding: if upcall responses are delayed beyond the time limit, cache_check() postpones the request and it gets dropped, causing NFSD4_SLOT_INUSE to block subsequent SEQUENCE ope...
CVE-2026-45870
CVE-2026-45870 affects the Linux kernel’s SUNRPC auth_gss path. The issue is memory leaks in XDR decoding error paths caused by gssx_dec_ctx(), gssx_dec_status(), and gssx_dec_name() allocating buffers via gssx_dec_buffer()/kmemdup() and returning on error without freeing previously allocated mem...