PT-2026-45478 · Linux+2 · Linux Kernel+2

·

CVE-2026-46243

·

Published

2026-05-19

·

Updated

2026-07-17

CVSS v3.1

7.1

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11 Linux kernel versions prior to 6.18.34 Linux kernel versions prior to 6.12.92 Linux kernel versions prior to 6.6.142 Linux kernel versions prior to 6.1.175 Linux kernel versions prior to 5.15.209 Linux kernel versions prior to 5.10.258
Description A privilege escalation issue exists in the Linux kernel's CIFS client implementation. The cifs get spnego key() function within the cifs.upcall tool of the cifs-utils package lacks proper authentication for a critical function. Specifically, cifs.spnego key descriptions contain authority-bearing fields—including pid, uid, creduid, and upcall target—which cifs.upcall incorrectly treats as inputs originating from the kernel. A local attacker can use request key(2) or add key(2) to create keys of this type in userspace, allowing these fields to be supplied without a legitimate CIFS origin. This can enable an attacker to impersonate other users, bypass authentication in SMB mount operations, execute arbitrary code, and escalate privileges to root level. This issue has been demonstrated to facilitate container escapes from Docker environments to the host system.
Recommendations Update to Linux kernel version 7.0.11 or newer. Update to Linux kernel version 6.18.34 or newer. Update to Linux kernel version 6.12.92 or newer. Update to Linux kernel version 6.6.142 or newer. Update to Linux kernel version 6.1.175 or newer. Update to Linux kernel version 5.15.209 or newer. Update to Linux kernel version 5.10.258 or newer.

Exploit

Fix

LPE

DoS

Missing Authentication

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

ALSA-2026:23258
ALSA-2026:23259
ALSA-2026:23329
ALSA-2026:24381
BDU:2026-07574
CVE-2026-46243
OESA-2026-2673
OESA-2026-2674
OPENSUSE-SU-2026:10954-1
OPENSUSE-SU-2026:20912-1
RHSA-2026:23258
RHSA-2026:23259
RHSA-2026:23329
RHSA-2026:23395
RHSA-2026:24381
RHSA-2026:25908
RHSA-2026:33219
RHSA-2026:33220
RHSA-2026:33221
RHSA-2026:33222
RHSA-2026:33223
RHSA-2026:33224
RHSA-2026:33225
RHSA-2026:33486
SUSE-SU-2026:22043-1
SUSE-SU-2026:22048-1
SUSE-SU-2026:22076-1
SUSE-SU-2026:22087-1
SUSE-SU-2026:22598-1
SUSE-SU-2026:2310-1
SUSE-SU-2026:2317-1
SUSE-SU-2026:2331-1
SUSE-SU-2026:2332-1
SUSE-SU-2026:2383-1
SUSE-SU-2026:2421-1
SUSE-SU-2026:2482-1
SUSE-SU-2026:2855-1
SUSE-SU-2026:2857-1
SUSE-SU-2026:2858-1
SUSE-SU-2026:2862-1
SUSE-SU-2026:2864-1
SUSE-SU-2026:2866-1
SUSE-SU-2026:2867-1
SUSE-SU-2026:2868-1
SUSE-SU-2026:2887-1
SUSE-SU-2026:2888-1
SUSE-SU-2026:2889-1
SUSE-SU-2026:2890-1
SUSE-SU-2026:2894-1
SUSE-SU-2026:2895-1
SUSE-SU-2026:2899-1
SUSE-SU-2026:2902-1
SUSE-SU-2026:2909-1
SUSE-SU-2026:2910-1
SUSE-SU-2026:2920-1
SUSE-SU-2026:2930-1
SUSE-SU-2026:2932-1
SUSE-SU-2026:2933-1
SUSE-SU-2026:2937-1
SUSE-SU-2026:2938-1
SUSE-SU-2026:2943-1
SUSE-SU-2026:2945-1
SUSE-SU-2026:2955-1
SUSE-SU-2026:2956-1
SUSE-SU-2026:2957-1
SUSE-SU-2026:2961-1
SUSE-SU-2026:2989-1
SUSE-SU-2026:2991-1
SUSE-SU-2026:2992-1
SUSE-SU-2026:2994-1
SUSE-SU-2026:2995-1
SUSE-SU-2026:2997-1
SUSE-SU-2026:3011-1
SUSE-SU-2026:3065-1
SUSE-SU-2026:3066-1
SUSE-SU-2026:3067-1
SUSE-SU-2026:3075-1
USN-8488-1
USN-8488-2
USN-8489-1
USN-8490-1
USN-8490-2
USN-8491-1
USN-8492-1
USN-8492-2
USN-8492-3
USN-8492-4
USN-8492-5
USN-8493-1
USN-8493-2
USN-8497-1
USN-8498-1
USN-8499-1
USN-8501-1
USN-8507-1
USN-8508-1
USN-8527-1
USN-8528-1
USN-8529-1
USN-8530-1
USN-8545-1
USN-8546-1
USN-8547-1
USN-8548-1

Affected Products

Linux Kernel
Red Os
Rocky Linux