CVE-2026-43490

EPSS 0.02%
Veröffentlicht 15.05.2026 05:15:37
Zuletzt bearbeitet 15.05.2026 06:16:20
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

ksmbd: validate inherited ACE SID length

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: validate inherited ACE SID length

smb_inherit_dacl() walks the parent directory DACL loaded from the
security descriptor xattr. It verifies that each ACE contains the fixed
SID header before using it, but does not verify that the variable-length
SID described by sid.num_subauth is fully contained in the ACE.

A malformed inheritable ACE can advertise more subauthorities than are
present in the ACE. compare_sids() may then read past the ACE.
smb_set_ace() also clamps the copied destination SID, but used the
unchecked source SID count to compute the inherited ACE size. That could
advance the temporary inherited ACE buffer pointer and nt_size accounting
past the allocated buffer.

Fix this by validating the parent ACE SID count and SID length before
using the SID during inheritance. Compute the inherited ACE size from the
copied SID so the size matches the bounded destination SID. Reject the
inherited DACL if size accumulation would overflow smb_acl.size or the
security descriptor allocation size.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

CNA 2 VulnDex Vulnerability Enrichment 5

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9

Version < 47c6e37a77b10e74f70d845ba4ea5d3cafa00336

Status affected

Version e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9

Version < 1aa60fea7f637c071f529ad6784aecca2f2f0c5f

Status affected

Version e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9

Version < c1d95c995d5bcb24b639200a899eda59cb1e6d64

Status affected

Version e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9

Version < 996454bc0da84d5a1dedb1a7861823087e01a7ae

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.15

Status affected

Version 0

Version < 5.15

Status unaffected

Version <= 6.12.*

Version 6.12.88

Status unaffected

Version <= 6.18.*

Version 6.18.30

Status unaffected

Version <= 7.0.*

Version 7.0.7

Status unaffected

Version <= *

Version 7.1-rc3

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.047

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/47c6e37a77b10e74f70d845ba4ea5d3cafa00336

https://git.kernel.org/stable/c/1aa60fea7f637c071f529ad6784aecca2f2f0c5f

https://git.kernel.org/stable/c/c1d95c995d5bcb24b639200a899eda59cb1e6d64

https://git.kernel.org/stable/c/996454bc0da84d5a1dedb1a7861823087e01a7ae

https://nvd.nist.gov/vuln/detail/CVE-2026-43490

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-43490

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-43490

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-43490