Linux · Linux Kernel · CVE-2026-46243
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 7.0.11
Linux kernel versions prior to 6.18.34
Linux kernel versions prior to 6.12.92
Linux kernel versions prior to 6.6.142
Linux kernel versions prior to 6.1.175
Linux kernel versions prior to 5.15.209
Linux kernel versions prior to 5.10.258
**Description**
An issue exists in the Linux kernel's CIFS client implementation where `cifs.spnego` key descriptions contain authority-bearing fields such as `pid`, `uid`, `creduid`, and `upcall_target`. The `cifs.upcall` tool treats these as kernel-originating inputs; however, userspace can create keys of this type using `request_key(2)` or `add_key(2)`, allowing these fields to be supplied without a CIFS origin. This lack of authentication in the `cifs_get_spnego_key()` function may allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, escape from Docker containers to the host, and escalate privileges to root to execute arbitrary code.
**Recommendations**
Update the Linux kernel to version 7.0.11, 6.18.34, 6.12.92, 6.6.142, 6.1.175, 5.15.209, or 5.10.258, depending on the stable branch being tracked.
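
The following added example (not part of the advisory or of any kernel tooling) classifies a kernel release string against the fixed versions listed above. The function name `cve_status` and its status words are illustrative, and it assumes upstream stable version numbering: distribution kernels that backport fixes without changing the upstream version must be checked against the vendor's own advisory.

```shell
#!/bin/sh
# Added example: compare a kernel release string with the fixed releases
# named in this advisory. Assumes upstream stable version numbering.

# Fixed release per stable branch, taken from the advisory text.
FIXED_RELEASES="7.0.11 6.18.34 6.12.92 6.6.142 6.1.175 5.15.209 5.10.258"

# cve_status RELEASE
# prints: fixed | vulnerable | unlisted-branch | newer-branch | unparsed
cve_status() {
    # Keep the leading numeric part: "6.6.87-generic" -> "6.6.87"
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)\{0,1\}\).*/\1/p')
    [ -n "$ver" ] || { echo unparsed; return 0; }
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;           # "7.0-rc1" is treated as 7.0.0
    esac

    # Same major.minor as a listed branch: compare the patch level.
    for fixed in $FIXED_RELEASES; do
        f_major=${fixed%%.*}
        f_rest=${fixed#*.}
        f_minor=${f_rest%%.*}
        f_patch=${f_rest#*.}
        if [ "$major" -eq "$f_major" ] && [ "$minor" -eq "$f_minor" ]; then
            if [ "$patch" -ge "$f_patch" ]; then echo fixed; else echo vulnerable; fi
            return 0
        fi
    done

    if [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -gt 0 ]; }; then
        # Later than every release the advisory lists as affected.
        echo newer-branch
    else
        # Below 7.0.11 with no fixed release named for this branch:
        # treat as affected and move to a listed branch.
        echo unlisted-branch
    fi
}

# Classify the running kernel.
cve_status "$(uname -r)"
```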