smb: client: reject userspace cifs.spnego descriptions_CVE-2026-46243

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

In the Linux kernel, the following vulnerability has been resolved:

smb: client: reject userspace cifs.spnego descriptions

cifs.spnego key descriptions contain authority-bearing fields such as
pid, uid, creduid, and upcall_target that cifs.upcall treats as
kernel-originating inputs. However, userspace can also create keys of
this type through request_key(2) or add_key(2), allowing those fields to
be supplied without CIFS origin.

Only accept cifs.spnego descriptions while CIFS is using its private
spnego_cred to request the key.

Basic Information

ID CVE-2026-46243

Source Linux

Published Jun 1, 2026 at 16:22

Modified Jun 1, 2026 at 17:52

Affected Product

Vendor Linux

Product Linux

Version f1d662a7d5e5322e583aad6b3cfec03d8f27b435

Affected Versions Linux Linux f1d662a7d5e5322e583aad6b3cfec03d8f27b435
Linux Linux f1d662a7d5e5322e583aad6b3cfec03d8f27b435
Linux Linux f1d662a7d5e5322e583aad6b3cfec03d8f27b435
Linux Linux f1d662a7d5e5322e583aad6b3cfec03d8f27b435
Linux Linux f1d662a7d5e5322e583aad6b3cfec03d8f27b435
Linux Linux f1d662a7d5e5322e583aad6b3cfec03d8f27b435
Linux Linux f1d662a7d5e5322e583aad6b3cfec03d8f27b435
Linux Linux f1d662a7d5e5322e583aad6b3cfec03d8f27b435
Linux Linux 2.6.24

CWE Classification

CWE-20

References

{
    "lastseen": "",
    "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: reject userspace cifs.spnego descriptions\n\ncifs.spnego key descriptions contain authority-bearing fields such as\npid, uid, creduid, and upcall_target that cifs.upcall treats as\nkernel-originating inputs. However, userspace can also create keys of\nthis type through request_key(2) or add_key(2), allowing those fields to\nbe supplied without CIFS origin.\n\nOnly accept cifs.spnego descriptions while CIFS is using its private\nspnego_cred to request the key.",
    "published": "2026-06-01T16:22:29.211Z",
    "modified": "2026-06-01T17:52:06.478Z",
    "type": "cve",
    "title": "smb: client: reject userspace cifs.spnego descriptions",
    "source": "Linux",
    "references": "https://git.kernel.org/stable/c/7713bd320ed4fc3d08a227cd8e41242219a16981\nhttps://git.kernel.org/stable/c/9544559e59438a4b609b2fdfa0763d8360572824\nhttps://git.kernel.org/stable/c/cf20038657d6d4974349556a34e08fe0490bebbc\nhttps://git.kernel.org/stable/c/2035acfb17221729b1b8ac335e941868a04ca079\nhttps://git.kernel.org/stable/c/a3bbda6502a9398b816fa2e71c9a3f955f58013d\nhttps://git.kernel.org/stable/c/91f89c1d83e80417629791fcef6af8140d7d01c8\nhttps://git.kernel.org/stable/c/0aece6685fc80a8de492688ca2315fb86ec379c7\nhttps://git.kernel.org/stable/c/3da1fdf4efbc490041eb4f836bf596201203f8f2",
    "id": "CVE-2026-46243",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "Linux Linux f1d662a7d5e5322e583aad6b3cfec03d8f27b435\nLinux Linux f1d662a7d5e5322e583aad6b3cfec03d8f27b435\nLinux Linux f1d662a7d5e5322e583aad6b3cfec03d8f27b435\nLinux Linux f1d662a7d5e5322e583aad6b3cfec03d8f27b435\nLinux Linux f1d662a7d5e5322e583aad6b3cfec03d8f27b435\nLinux Linux f1d662a7d5e5322e583aad6b3cfec03d8f27b435\nLinux Linux f1d662a7d5e5322e583aad6b3cfec03d8f27b435\nLinux Linux f1d662a7d5e5322e583aad6b3cfec03d8f27b435\nLinux Linux 2.6.24",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Linux",
    "version": "f1d662a7d5e5322e583aad6b3cfec03d8f27b435",
    "vendor": "Linux",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}