CVE-2026-46243— smb: client: reject userspace cifs.spnego descriptions
In-the-Wild Activity Observed github_trending · low
Possible ATT&CK Techniques 1AI
T1558.003 · KerberoastingAffected Version Matrix 18
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | f1d662a7d5e5322e583aad6b3cfec03d8f27b435< 7713bd320ed4fc3d08a227cd8e41242219a16981 | affected |
f1d662a7d5e5322e583aad6b3cfec03d8f27b435< 9544559e59438a4b609b2fdfa0763d8360572824 | affected | ||
f1d662a7d5e5322e583aad6b3cfec03d8f27b435< cf20038657d6d4974349556a34e08fe0490bebbc | affected | ||
f1d662a7d5e5322e583aad6b3cfec03d8f27b435< 2035acfb17221729b1b8ac335e941868a04ca079 | affected | ||
f1d662a7d5e5322e583aad6b3cfec03d8f27b435< a3bbda6502a9398b816fa2e71c9a3f955f58013d | affected | ||
f1d662a7d5e5322e583aad6b3cfec03d8f27b435< 91f89c1d83e80417629791fcef6af8140d7d01c8 | affected | ||
f1d662a7d5e5322e583aad6b3cfec03d8f27b435< 0aece6685fc80a8de492688ca2315fb86ec379c7 | affected | ||
f1d662a7d5e5322e583aad6b3cfec03d8f27b435< 3da1fdf4efbc490041eb4f836bf596201203f8f2 | affected | ||
| … +10 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-46243
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
smb: client: reject userspace cifs.spnego descriptions
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cifs.upcall treats as kernel-originating inputs. However, userspace can also create keys of this type through request_key(2) or add_key(2), allowing those fields to be supplied without CIFS origin. Only accept cifs.spnego descriptions while CIFS is using its private spnego_cred to request the key.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-46243
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-46243
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-46243 (7)
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-46242
eventpoll: fix ep_remove struct eventpoll / struct file UAF - CVE-2026-46241
spi: mpc52xx: fix use-after-free on registration failure - CVE-2026-46239
media: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl - CVE-2026-46240
media: iris: Fix use-after-free in iris_release_internal_buf - CVE-2026-46238
batman-adv: stop caching unowned originator pointers in BAT
Same vendor: Linux
- CVE-2026-46242
eventpoll: fix ep_remove struct eventpoll / struct file UAF - CVE-2026-46241
spi: mpc52xx: fix use-after-free on registration failure - CVE-2026-46239
media: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl - CVE-2026-46240
media: iris: Fix use-after-free in iris_release_internal_buf - CVE-2026-46238
batman-adv: stop caching unowned originator pointers in BAT
V. Comments for CVE-2026-46243
No comments yet