Lucene search
K
LinuxLinux Kernel5.15.145

11 matches found

CVE
CVE
added 2025/03/12 7:28 a.m.148 views

CVE-2024-58087

CVE-2024-58087 relates to the Linux kernel ksmbd subsystem. The root cause is a racy issue during session lookup and expire. The fix, as documented in connected sources, increments the session reference count while holding the relevant lock to prevent race conditions with session expiry. The vuln...

8.1CVSS6.6AI score0.00449EPSS
CVE
CVE
added 2025/01/19 11:52 a.m.147 views

CVE-2024-57925

CVE-2024-57925 affects the Linux kernel’s ksmbd component. A NULL pointer returned by ksmbd_alloc_work_struct() in smb2_send_interim_resp() could allow an illegal memory write to in_work->response_buf during kzalloc() on the in_work structure. The connected documents confirm a fix that adds a ...

7.1CVSS6.6AI score0.00203EPSS
CVE
CVE
added 2024/11/19 1:30 a.m.103 views

CVE-2024-50284

CVE-2024-50284 is a Linux kernel issue affecting ksmbd where missing xa_store error checking could fail the XArray storage, potentially enabling privilege/escalation in affected kernel code paths. The root cause is improper handling of xa_store() returning xa_err(-EINVAL) or xa_err(-ENOMEM). Publ...

5.5CVSS6.3AI score0.00228EPSS
CVE
CVE
added 2026/05/01 1:56 p.m.49 views

CVE-2026-31705

The CVE-2026-31705 issue affects the ksmbd component of the Linux kernel, where an out-of-bounds write occurs in smb2_get_ea() during EA alignment padding. After writing each EA entry, a 4-byte alignment padding is applied with memset() unconditionally, potentially overwriting adjacent kernel hea...

9.8CVSS5.9AI score0.00389EPSS
CVE
CVE
added 2026/04/22 8:15 a.m.37 views

CVE-2026-31432

CVE-2026-31432 affects the Linux kernel ksmbd component. Affected handling of compound requests (e.g., READ + QUERY_INFO(Security)) could allow an out-of-bounds write when the first READ command consumes most of the response buffer and ksmbd builds a security descriptor. The root cause is that sm...

8.8CVSS5.8AI score0.00507EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.36 views

CVE-2026-31478

The CVE-2026-31478 issue affects ksmbd in the Linux kernel. The root cause is an incorrect calculation of the response buffer length in smb2_calc_max_out_buf_len(), where a hardcoded hdr2_len was used instead of the correct offset to the Buffer field. The security advisories describe that after a...

9.8CVSS5.8AI score0.00502EPSS
CVE
CVE
added 2026/02/18 2:53 p.m.34 views

CVE-2026-23220

CVE-2026-23220 – Linux kernel ksmbd infinite loop fix : In ksmbd, when a signed SMB2 request fails verification, __process_request() triggers an error path that calls set_smb2_rsp_status() and resets next_smb2_rcv_hdr_off to zero. This loses the pointer to the next command in the chain, so is_cha...

5.5CVSS5.2AI score0.00118EPSS
CVE
CVE
added 2025/10/28 11:48 a.m.29 views

CVE-2025-40039

CVE-2025-40039 relates to the Linux kernel ksmbd subsystem. It describes a race condition in the RPC handle list (sess->rpc_handle_list) managed per ksmbd session. The underlying issue: in ksmbd_session_rpc_open(), xa_store() and xa_erase() modify the XArray but were guarded only by a read loc...

4.7CVSS6.3AI score0.00124EPSS
CVE
CVE
added 2026/02/14 4:27 p.m.25 views

CVE-2025-71220

Technical details about CVE-2025-71220 (affected product/component/version, root cause, impact, fixes) are not publicly provided in the supplied documents. Monitor for updates from vendors and security bulletins.

7.8CVSS5.2AI score0.0013EPSS
CVE
CVE
added 2026/04/22 8:15 a.m.18 views

CVE-2026-31433

CVE-2026-31433 affects the Linux kernel ksmbd module. A vulnerability arises when processing a compound SMB request of QUERY_DIRECTORY + QUERY_INFO (FILE_ALL_INFORMATION): the code lacked a validation check on the client-provided OutputBufferLength before copying a filename into the smb2_file_all...

8.8CVSS5.8AI score0.006EPSS
CVE
CVE
added 2026/01/13 3:29 p.m.13 views

CVE-2025-68817

The CVE-2025-68817 entry concerns a Linux kernel ksmbd issue: a use-after-free in ksmbd_tree_connect_put under concurrent disconnect paths. Under high concurrency, a tcon (tree-connection object) can be freed on disconnect while another path still holds a reference and may later call *_put() or w...

7.8CVSS6.2AI score0.00159EPSS