Lucene search
K
LinuxLinux Kernel6.1.71

11 matches found

CVE
CVE
added 2025/01/19 11:52 a.m.147 views

CVE-2024-57925

CVE-2024-57925 affects the Linux kernel’s ksmbd component. A NULL pointer returned by ksmbd_alloc_work_struct() in smb2_send_interim_resp() could allow an illegal memory write to in_work->response_buf during kzalloc() on the in_work structure. The connected documents confirm a fix that adds a ...

7.1CVSS6.6AI score0.00203EPSS
CVE
CVE
added 2025/04/08 8:18 a.m.117 views

CVE-2025-22015

CVE-2025-22015 : In the Linux kernel, the vulnerability lies in mm/migrate where a shmem folio can be in page cache or swap cache but not both. The root cause is that __folio_migrate_mapping() used folio_test_swapbacked() to determine how many xarray entries to update, which conflates shmem in pa...

5.5CVSS7.1AI score0.00173EPSS
CVE
CVE
added 2024/11/19 1:30 a.m.103 views

CVE-2024-50284

CVE-2024-50284 is a Linux kernel issue affecting ksmbd where missing xa_store error checking could fail the XArray storage, potentially enabling privilege/escalation in affected kernel code paths. The root cause is improper handling of xa_store() returning xa_err(-EINVAL) or xa_err(-ENOMEM). Publ...

5.5CVSS6.3AI score0.00228EPSS
CVE
CVE
added 2026/05/01 1:56 p.m.49 views

CVE-2026-31705

The CVE-2026-31705 issue affects the ksmbd component of the Linux kernel, where an out-of-bounds write occurs in smb2_get_ea() during EA alignment padding. After writing each EA entry, a 4-byte alignment padding is applied with memset() unconditionally, potentially overwriting adjacent kernel hea...

9.8CVSS5.9AI score0.00389EPSS
CVE
CVE
added 2026/04/22 8:15 a.m.37 views

CVE-2026-31432

CVE-2026-31432 affects the Linux kernel ksmbd component. Affected handling of compound requests (e.g., READ + QUERY_INFO(Security)) could allow an out-of-bounds write when the first READ command consumes most of the response buffer and ksmbd builds a security descriptor. The root cause is that sm...

8.8CVSS5.8AI score0.00507EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.36 views

CVE-2026-31478

The CVE-2026-31478 issue affects ksmbd in the Linux kernel. The root cause is an incorrect calculation of the response buffer length in smb2_calc_max_out_buf_len(), where a hardcoded hdr2_len was used instead of the correct offset to the Buffer field. The security advisories describe that after a...

9.8CVSS5.8AI score0.00502EPSS
CVE
CVE
added 2026/02/18 2:53 p.m.34 views

CVE-2026-23220

CVE-2026-23220 – Linux kernel ksmbd infinite loop fix : In ksmbd, when a signed SMB2 request fails verification, __process_request() triggers an error path that calls set_smb2_rsp_status() and resets next_smb2_rcv_hdr_off to zero. This loses the pointer to the next command in the chain, so is_cha...

5.5CVSS5.2AI score0.00118EPSS
CVE
CVE
added 2025/10/28 11:48 a.m.29 views

CVE-2025-40039

CVE-2025-40039 relates to the Linux kernel ksmbd subsystem. It describes a race condition in the RPC handle list (sess->rpc_handle_list) managed per ksmbd session. The underlying issue: in ksmbd_session_rpc_open(), xa_store() and xa_erase() modify the XArray but were guarded only by a read loc...

4.7CVSS6.3AI score0.00124EPSS
CVE
CVE
added 2026/02/14 4:27 p.m.25 views

CVE-2025-71220

Technical details about CVE-2025-71220 (affected product/component/version, root cause, impact, fixes) are not publicly provided in the supplied documents. Monitor for updates from vendors and security bulletins.

7.8CVSS5.2AI score0.0013EPSS
CVE
CVE
added 2026/04/22 8:15 a.m.18 views

CVE-2026-31433

CVE-2026-31433 affects the Linux kernel ksmbd module. A vulnerability arises when processing a compound SMB request of QUERY_DIRECTORY + QUERY_INFO (FILE_ALL_INFORMATION): the code lacked a validation check on the client-provided OutputBufferLength before copying a filename into the smb2_file_all...

8.8CVSS5.8AI score0.006EPSS
CVE
CVE
added 2026/01/13 3:29 p.m.13 views

CVE-2025-68817

The CVE-2025-68817 entry concerns a Linux kernel ksmbd issue: a use-after-free in ksmbd_tree_connect_put under concurrent disconnect paths. Under high concurrency, a tcon (tree-connection object) can be freed on disconnect while another path still holds a reference and may later call *_put() or w...

7.8CVSS6.2AI score0.00159EPSS