PT-2026-45478 · Linux+2 · Linux Kernel+2
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 7.0.11
Linux kernel versions prior to 6.18.34
Linux kernel versions prior to 6.12.92
Linux kernel versions prior to 6.6.142
Linux kernel versions prior to 6.1.175
Linux kernel versions prior to 5.15.209
Linux kernel versions prior to 5.10.258
Description
A privilege escalation issue exists in the Linux kernel's CIFS client implementation. The
cifs get spnego key() function within the cifs.upcall tool of the cifs-utils package lacks proper authentication for a critical function. Specifically, cifs.spnego key descriptions contain authority-bearing fields—including pid, uid, creduid, and upcall target—which cifs.upcall incorrectly treats as inputs originating from the kernel. A local attacker can use request key(2) or add key(2) to create keys of this type in userspace, allowing these fields to be supplied without a legitimate CIFS origin. This can enable an attacker to impersonate other users, bypass authentication in SMB mount operations, execute arbitrary code, and escalate privileges to root level. This issue has been demonstrated to facilitate container escapes from Docker environments to the host system.Recommendations
Update to Linux kernel version 7.0.11 or newer.
Update to Linux kernel version 6.18.34 or newer.
Update to Linux kernel version 6.12.92 or newer.
Update to Linux kernel version 6.6.142 or newer.
Update to Linux kernel version 6.1.175 or newer.
Update to Linux kernel version 5.15.209 or newer.
Update to Linux kernel version 5.10.258 or newer.
Exploit
Fix
LPE
DoS
Missing Authentication
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Linux Kernel
Red Os
Rocky Linux