CVE Catalog

CVE-2026-46243

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

27th percentile - higher than 27% of all known CVEs

Summary

In the Linux kernel, a vulnerability was found in the CIFS/SMB client implementation. It occurs because cifs.spnego key descriptions contain authority-bearing fields (such as pid, uid, creduid, upcall_target) that cifs.upcall treats as kernel-originating. However, userspace can create such keys via request_key(2) or add_key(2), allowing those fields to be supplied without CIFS origin.

Risk Assessment

The risk involves potential privilege escalation or authentication bypass in environments using CIFS/SMB. An attacker with local access could impersonate a legitimate user or process, gaining unauthorized access to network resources.

Recommendation

Immediately update the Linux kernel to a version containing the fix that rejects userspace-originated cifs.spnego descriptions unless they are requested via CIFS private spnego_cred.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cifs.upcall treats as kernel-originating inputs. However, userspace can also create keys of this type through request_key(2) or add_key(2), allowing those fields to be supplied without CIFS origin. Only accept cifs.spnego descriptions while CIFS is using its private spnego_cred to request the key.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS