PT-2026-51759 · Linux · Linux

Publicado

2026-06-24

Atualizado

2026-06-24

CVE-2026-52944

Nenhuma

Não há classificações de severidade ou métricas disponíveis. Quando houver, atualizaremos as informações correspondentes na página.

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTL SET SPARSE

FSCTL SET SPARSE in fsctl set sparse() modifies the file's sparse attribute and saves it through xattr without any permission checks.

This exposes two issues:

A client on a read-only share can change the sparse attribute on files it opened, even though the share is read-only. Other FSCTL write operations already check test tree conn flag(work->tcon, KSMBD TREE CONN FLAG WRITABLE), but FSCTL SET SPARSE does not.
Even on writable shares, clients without FILE WRITE DATA or FILE WRITE ATTRIBUTES access should not modify the sparse attribute. Similar handle-level checks exist in other functions but are missing here.

Add both share-level writable check and per-handle access check. Use goto out on error to avoid leaking file references.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

CVE-2026-52944

Linux