smb: client: reject userspace cifs.spnego descriptions
cifs.spnego key descriptions contain authority-bearing fields such as
pid, uid, creduid, and upcall_target that cifs.upcall treats as
kernel-originating inputs. However, userspace can also create keys of
this type through request_key(2) or add_key(2), allowing those fields to
be supplied without CIFS origin.
Only accept cifs.spnego descriptions while CIFS is using its private
spnego_cred to request the key.
| Source | ID | Title |
|---|---|---|
Ubuntu USN |
USN-8488-1 | Linux kernel vulnerabilities |
Ubuntu USN |
USN-8489-1 | Linux kernel (OEM) vulnerabilities |
Ubuntu USN |
USN-8490-1 | Linux kernel vulnerabilities |
Ubuntu USN |
USN-8491-1 | Linux kernel (OEM) vulnerabilities |
Ubuntu USN |
USN-8492-1 | Linux kernel vulnerabilities |
Ubuntu USN |
USN-8493-1 | Linux kernel vulnerabilities |
Ubuntu USN |
USN-8488-2 | Linux kernel (Raspberry Pi) vulnerabilities |
Ubuntu USN |
USN-8492-2 | Linux kernel vulnerabilities |
Ubuntu USN |
USN-8493-2 | Linux kernel (Oracle) vulnerabilities |
Ubuntu USN |
USN-8497-1 | Linux kernel (Low Latency) vulnerabilities |
Ubuntu USN |
USN-8498-1 | Linux kernel (NVIDIA Tegra) vulnerabilities |
Ubuntu USN |
USN-8499-1 | Linux kernel (Xilinx) vulnerabilities |
Ubuntu USN |
USN-8501-1 | Linux kernel vulnerabilities |
Ubuntu USN |
USN-8507-1 | Linux kernel (NVIDIA) vulnerabilities |
Ubuntu USN |
USN-8508-1 | Linux kernel (NVIDIA) vulnerabilities |
Ubuntu USN |
USN-8492-3 | Linux kernel (Raspberry Pi Real-time) vulnerabilities |
Ubuntu USN |
USN-8490-2 | Linux kernel (Real-time) vulnerabilities |
Ubuntu USN |
USN-8492-4 | Linux kernel (Raspberry Pi) vulnerabilities |
Ubuntu USN |
USN-8492-5 | Linux kernel (FIPS) vulnerabilities |
Ubuntu USN |
USN-8527-1 | Linux kernel (Raspberry Pi) vulnerabilities |
Ubuntu USN |
USN-8528-1 | Linux kernel (Xilinx ZynqMP) vulnerabilities |
Ubuntu USN |
USN-8529-1 | Linux kernel vulnerabilities |
Ubuntu USN |
USN-8530-1 | Linux kernel (AWS) vulnerabilities |
Ubuntu USN |
USN-8545-1 | Linux kernel (HWE) vulnerabilities |
Ubuntu USN |
USN-8546-1 | Linux kernel (Raspberry Pi) vulnerabilities |
Ubuntu USN |
USN-8547-1 | Linux kernel vulnerabilities |
Ubuntu USN |
USN-8548-1 | Linux kernel vulnerabilities |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Tue, 09 Jun 2026 21:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | NVD-CWE-noinfo | |
| CPEs | cpe:2.3:o:linux:linux_kernel:2.6.24:-:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:2.6.24:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:2.6.24:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:2.6.24:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:2.6.24:rc6:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:2.6.24:rc7:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:2.6.24:rc8:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:* |
Fri, 05 Jun 2026 06:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
cvssV3_1
|
Tue, 02 Jun 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-825 | |
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Mon, 01 Jun 2026 22:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-285 |
Mon, 01 Jun 2026 21:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Mon, 01 Jun 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 01 Jun 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Linux kernel
|
|
| Weaknesses | CWE-20 CWE-285 |
|
| Vendors & Products |
Linux kernel
|
|
| References |
| |
| Metrics |
cvssV3_1
|
Mon, 01 Jun 2026 17:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cifs.upcall treats as kernel-originating inputs. However, userspace can also create keys of this type through request_key(2) or add_key(2), allowing those fields to be supplied without CIFS origin. Only accept cifs.spnego descriptions while CIFS is using its private spnego_cred to request the key. | |
| Title | smb: client: reject userspace cifs.spnego descriptions | |
| First Time appeared |
Linux
Linux linux Kernel |
|
| CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Linux
Linux linux Kernel |
|
| References |
|
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: Linux
Published:
Updated: 2026-07-16T12:04:45.105Z
Reserved: 2026-05-13T15:03:33.107Z
Link: CVE-2026-46243
Updated: 2026-06-01T18:55:00.540Z
Status : Analyzed
Published: 2026-06-01T17:17:34.173
Modified: 2026-06-09T20:47:29.000
Link: CVE-2026-46243
OpenCVE Enrichment
Updated: 2026-06-09T23:30:05Z
Ubuntu USN