PT-2026-51759 · Linux · Linux
Published
2026-06-24
·
Updated
2026-06-24
·
CVE-2026-52944
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTL SET SPARSE
FSCTL SET SPARSE in fsctl set sparse() modifies the file's sparse
attribute and saves it through xattr without any permission checks.
This exposes two issues:
-
A client on a read-only share can change the sparse attribute on files it opened, even though the share is read-only. Other FSCTL write operations already check test tree conn flag(work->tcon, KSMBD TREE CONN FLAG WRITABLE), but FSCTL SET SPARSE does not.
-
Even on writable shares, clients without FILE WRITE DATA or FILE WRITE ATTRIBUTES access should not modify the sparse attribute. Similar handle-level checks exist in other functions but are missing here.
Add both share-level writable check and per-handle access check.
Use goto out on error to avoid leaking file references.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Linux