7.8
CVE-2026-46243
- EPSS 0.35%
- Veröffentlicht 01.06.2026 17:17:34
- Zuletzt bearbeitet 10.07.2026 12:17:03
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
smb: client: reject userspace cifs.spnego descriptions
In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cifs.upcall treats as kernel-originating inputs. However, userspace can also create keys of this type through request_key(2) or add_key(2), allowing those fields to be supplied without CIFS origin. Only accept cifs.spnego descriptions while CIFS is using its private spnego_cred to request the key.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.24.1 < 5.10.258
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.209
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.175
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.142
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.92
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.34
Linux ≫ Linux Kernel Version >= 6.19 < 7.0.11
Linux ≫ Linux Kernel Version2.6.24 Update-
Linux ≫ Linux Kernel Version2.6.24 Updaterc3
Linux ≫ Linux Kernel Version2.6.24 Updaterc4
Linux ≫ Linux Kernel Version2.6.24 Updaterc5
Linux ≫ Linux Kernel Version2.6.24 Updaterc6
Linux ≫ Linux Kernel Version2.6.24 Updaterc7
Linux ≫ Linux Kernel Version2.6.24 Updaterc8
Linux ≫ Linux Kernel Version7.1 Updaterc1
Linux ≫ Linux Kernel Version7.1 Updaterc2
Linux ≫ Linux Kernel Version7.1 Updaterc3
Linux ≫ Linux Kernel Version7.1 Updaterc4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.272 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-825 Expired Pointer Dereference
The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://git.kernel.org/stable/c/0aece6685fc80a8de492688ca2315fb86ec379c7
https://git.kernel.org/stable/c/2035acfb17221729b1b8ac335e941868a04ca079
https://git.kernel.org/stable/c/3da1fdf4efbc490041eb4f836bf596201203f8f2
https://git.kernel.org/stable/c/7713bd320ed4fc3d08a227cd8e41242219a16981
https://git.kernel.org/stable/c/91f89c1d83e80417629791fcef6af8140d7d01c8
https://git.kernel.org/stable/c/9544559e59438a4b609b2fdfa0763d8360572824
https://git.kernel.org/stable/c/a3bbda6502a9398b816fa2e71c9a3f955f58013d
https://git.kernel.org/stable/c/cf20038657d6d4974349556a34e08fe0490bebbc
http://www.openwall.com/lists/oss-security/2026/06/01/6
https://bugzilla.redhat.com/show_bug.cgi?id=2481486
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46243.json
https://access.redhat.com/errata/RHSA-2026:28887
https://access.redhat.com/errata/RHSA-2026:28962
https://access.redhat.com/errata/RHSA-2026:26535
https://access.redhat.com/errata/RHSA-2026:27719
https://access.redhat.com/errata/RHSA-2026:27729
https://access.redhat.com/errata/RHSA-2026:33486
https://access.redhat.com/errata/RHSA-2026:23329
https://access.redhat.com/errata/RHSA-2026:26462
https://access.redhat.com/errata/RHSA-2026:26515
https://access.redhat.com/errata/RHSA-2026:26563
https://access.redhat.com/errata/RHSA-2026:27735
https://access.redhat.com/errata/RHSA-2026:23258
https://access.redhat.com/errata/RHSA-2026:23259
https://access.redhat.com/errata/RHSA-2026:23395
https://access.redhat.com/errata/RHSA-2026:24381
https://access.redhat.com/errata/RHSA-2026:25908
https://access.redhat.com/errata/RHSA-2026:26570
https://access.redhat.com/errata/RHSA-2026:27708
https://access.redhat.com/errata/RHSA-2026:33219
https://access.redhat.com/errata/RHSA-2026:33220
https://access.redhat.com/errata/RHSA-2026:33221
https://access.redhat.com/errata/RHSA-2026:33222
https://access.redhat.com/errata/RHSA-2026:33223
https://access.redhat.com/errata/RHSA-2026:33224
https://access.redhat.com/errata/RHSA-2026:33225
https://access.redhat.com/security/cve/CVE-2026-46243
https://github.com/manizada/CIFSwitch
https://access.redhat.com/errata/RHSA-2026:34764
https://access.redhat.com/errata/RHSA-2026:34788
https://access.redhat.com/errata/RHSA-2026:34815
https://access.redhat.com/errata/RHSA-2026:34048
https://access.redhat.com/errata/RHSA-2026:34757