
Description

In the Linux kernel, the following vulnerability has been resolved:

smb: client: reject userspace cifs.spnego descriptions

cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cifs.upcall treats as kernel-originating inputs. However, userspace can also create keys of this type through request_key(2) or add_key(2), allowing those fields to be supplied without CIFS origin.

Only accept cifs.spnego descriptions while CIFS is using its private spnego_cred to request the key.

PUBLISHED Reserved 2026-05-13 | Published 2026-06-01 | Updated 2026-06-05 | Assigner Linux




HIGH: 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Product status

Default status
unaffected

f1d662a7d5e5322e583aad6b3cfec03d8f27b435 (git) before 7713bd320ed4fc3d08a227cd8e41242219a16981
affected

f1d662a7d5e5322e583aad6b3cfec03d8f27b435 (git) before 9544559e59438a4b609b2fdfa0763d8360572824
affected

f1d662a7d5e5322e583aad6b3cfec03d8f27b435 (git) before cf20038657d6d4974349556a34e08fe0490bebbc
affected

f1d662a7d5e5322e583aad6b3cfec03d8f27b435 (git) before 2035acfb17221729b1b8ac335e941868a04ca079
affected

f1d662a7d5e5322e583aad6b3cfec03d8f27b435 (git) before a3bbda6502a9398b816fa2e71c9a3f955f58013d
affected

f1d662a7d5e5322e583aad6b3cfec03d8f27b435 (git) before 91f89c1d83e80417629791fcef6af8140d7d01c8
affected

f1d662a7d5e5322e583aad6b3cfec03d8f27b435 (git) before 0aece6685fc80a8de492688ca2315fb86ec379c7
affected

f1d662a7d5e5322e583aad6b3cfec03d8f27b435 (git) before 3da1fdf4efbc490041eb4f836bf596201203f8f2
affected

Default status
affected

2.6.24
affected

Any version before 2.6.24
unaffected

5.10.258 (semver)
unaffected

5.15.209 (semver)
unaffected

6.1.175 (semver)
unaffected

6.6.142 (semver)
unaffected

6.12.92 (semver)
unaffected

6.18.34 (semver)
unaffected

7.0.11 (semver)
unaffected

7.1-rc5 (original_commit_for_fix)
unaffected

References

github.com/manizada/CIFSwitch exploit

www.openwall.com/lists/oss-security/2026/06/01/6

git.kernel.org/...c/7713bd320ed4fc3d08a227cd8e41242219a16981

git.kernel.org/...c/9544559e59438a4b609b2fdfa0763d8360572824

git.kernel.org/...c/cf20038657d6d4974349556a34e08fe0490bebbc

git.kernel.org/...c/2035acfb17221729b1b8ac335e941868a04ca079

git.kernel.org/...c/a3bbda6502a9398b816fa2e71c9a3f955f58013d

git.kernel.org/...c/91f89c1d83e80417629791fcef6af8140d7d01c8

git.kernel.org/...c/0aece6685fc80a8de492688ca2315fb86ec379c7

git.kernel.org/...c/3da1fdf4efbc490041eb4f836bf596201203f8f2

cve.org (CVE-2026-46243)

nvd.nist.gov (CVE-2026-46243)
