Search CVE reports
1 – 10 of 10 results
Some fixes available 102 of 137
A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead...
168 affected packages
cifs-utils, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-hwe-5.11...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cifs-utils | — | Fixed | Fixed | Fixed | Vulnerable |
| linux-hwe | — | Not in release | Not in release | Not in release | Ignored |
| linux-hwe-5.4 | — | Not in release | Not in release | Not in release | Fixed |
| linux-hwe-5.8 | — | Not in release | Not in release | Ignored | Not in release |
| linux-hwe-5.11 | — | Not in release | Not in release | Ignored | Not in release |
| linux-hwe-5.13 | — | Not in release | Not in release | Ignored | Not in release |
| linux-hwe-5.15 | — | Not in release | Not in release | Fixed | Not in release |
| linux-hwe-5.19 | — | Not in release | Ignored | Not in release | Not in release |
| linux-hwe-6.2 | — | Not in release | Ignored | Not in release | Not in release |
| linux-hwe-6.5 | — | Not in release | Ignored | Not in release | Not in release |
| linux | — | Fixed | Fixed | Fixed | Vulnerable |
| linux-aws | — | Fixed | Fixed | Fixed | Vulnerable |
| linux-aws-5.15 | — | Not in release | Not in release | Fixed | Not in release |
| linux-aws-5.4 | — | Not in release | Not in release | Not in release | Fixed |
| linux-aws-6.8 | — | Not in release | Fixed | Not in release | Not in release |
| linux-aws-fips | — | Not affected | Fixed | Fixed | Vulnerable |
| linux-aws-hwe | — | Not in release | Not in release | Not in release | Not in release |
| linux-azure | — | Fixed | Fixed | Fixed | Ignored |
| linux-azure-4.15 | — | Not in release | Not in release | Not in release | Vulnerable |
| linux-azure-5.15 | — | Not in release | Not in release | Fixed | Not in release |
| linux-azure-5.4 | — | Not in release | Not in release | Not in release | Fixed |
| linux-azure-6.8 | — | Not in release | Fixed | Not in release | Not in release |
| linux-azure-fde | — | Not affected | Needs evaluation | Ignored | Not in release |
| linux-azure-fde-5.15 | — | Not in release | Not in release | Vulnerable | Not in release |
| linux-azure-fips | — | Not affected | Fixed | Fixed | Vulnerable |
| linux-bluefield | — | Not in release | Not in release | Fixed | Not in release |
| linux-fips | — | Fixed | Fixed | Fixed | Vulnerable |
| linux-gcp | — | Fixed | Fixed | Fixed | Ignored |
| linux-gcp-4.15 | — | Not in release | Not in release | Not in release | Vulnerable |
| linux-gcp-5.15 | — | Not in release | Not in release | Fixed | Not in release |
| linux-hwe-6.8 | — | Not in release | Fixed | Not in release | Not in release |
| linux-hwe-6.11 | — | Fixed | Not in release | Not in release | Not in release |
| linux-hwe-edge | — | Not in release | Not in release | Not in release | Ignored |
| linux-lts-xenial | — | Not in release | Not in release | Not in release | Not in release |
| linux-kvm | — | Not in release | Fixed | Fixed | Vulnerable |
| linux-allwinner | — | Not in release | Not in release | Not in release | Not in release |
| linux-allwinner-5.19 | — | Not in release | Ignored | Not in release | Not in release |
| linux-aws-5.0 | — | Not in release | Not in release | Not in release | Ignored |
| linux-aws-5.3 | — | Not in release | Not in release | Not in release | Ignored |
| linux-aws-5.8 | — | Not in release | Not in release | Ignored | Not in release |
| linux-aws-5.11 | — | Not in release | Not in release | Ignored | Not in release |
| linux-aws-5.13 | — | Not in release | Not in release | Ignored | Not in release |
| linux-aws-5.19 | — | Not in release | Ignored | Not in release | Not in release |
| linux-aws-6.2 | — | Not in release | Ignored | Not in release | Not in release |
| linux-aws-6.5 | — | Not in release | Ignored | Not in release | Not in release |
| linux-azure-5.3 | — | Not in release | Not in release | Not in release | Ignored |
| linux-azure-5.8 | — | Not in release | Not in release | Ignored | Not in release |
| linux-azure-5.11 | — | — | — | Ignored | Not in release |
| linux-azure-5.13 | — | Not in release | Not in release | Ignored | Not in release |
| linux-azure-5.19 | — | Not in release | Ignored | Not in release | Not in release |
| linux-azure-6.2 | — | Not in release | Ignored | Not in release | Not in release |
| linux-azure-6.5 | — | Not in release | Ignored | Not in release | Not in release |
| linux-azure-fde-5.19 | — | Not in release | Ignored | Not in release | Not in release |
| linux-azure-fde-6.2 | — | Not in release | Ignored | Not in release | Not in release |
| linux-dell300x | — | Not in release | Not in release | Not in release | Ignored |
| linux-azure-edge | — | Not in release | Not in release | Not in release | Ignored |
| linux-gcp-fips | — | Not affected | Fixed | Fixed | Vulnerable |
| linux-gcp-5.3 | — | Not in release | Not in release | Not in release | Ignored |
| linux-gcp-5.4 | — | Not in release | Not in release | Not in release | Fixed |
| linux-gcp-5.8 | — | Not in release | Not in release | Ignored | Not in release |
| linux-gcp-5.11 | — | Not in release | Not in release | Ignored | Not in release |
| linux-gcp-5.13 | — | Not in release | Not in release | Ignored | Not in release |
| linux-gcp-5.19 | — | Not in release | Ignored | Not in release | Not in release |
| linux-gcp-6.2 | — | Not in release | Ignored | Not in release | Not in release |
| linux-gcp-6.5 | — | Not in release | Ignored | Not in release | Not in release |
| linux-gcp-6.8 | — | Not in release | Fixed | Not in release | Not in release |
| linux-gke | — | Fixed | Fixed | Ignored | Not in release |
| linux-gke-4.15 | — | Not in release | Not in release | Not in release | Ignored |
| linux-gke-5.0 | — | Not in release | Not in release | Not in release | Ignored |
| linux-gke-5.3 | — | Not in release | Not in release | Not in release | Ignored |
| linux-gke-5.4 | — | Not in release | Not in release | Not in release | Ignored |
| linux-gke-5.15 | — | Not in release | Not in release | Ignored | Not in release |
| linux-gkeop | — | Fixed | Fixed | Ignored | Not in release |
| linux-gkeop-5.4 | — | Not in release | Not in release | Not in release | Ignored |
| linux-gkeop-5.15 | — | Not in release | Not in release | Ignored | Not in release |
| linux-ibm | — | Fixed | Fixed | Fixed | Not in release |
| linux-ibm-5.4 | — | Not in release | Not in release | Not in release | Fixed |
| linux-ibm-5.15 | — | Not in release | Not in release | Fixed | Not in release |
| linux-intel | — | Not affected | Not in release | Not in release | Not in release |
| linux-intel-5.13 | — | Not in release | Not in release | Ignored | Not in release |
| linux-intel-iotg | — | Not in release | Fixed | Not in release | Not in release |
| linux-intel-iotg-5.15 | — | Not in release | Not in release | Fixed | Not in release |
| linux-iot | — | Not in release | Not in release | Fixed | Not in release |
| linux-intel-iot-realtime | — | Not in release | Fixed | Not in release | Not in release |
| linux-laptop | — | Not in release | Not in release | Not in release | Not in release |
| linux-lowlatency | — | Fixed | Fixed | Not in release | Not in release |
| linux-lowlatency-hwe-5.15 | — | Not in release | Not in release | Fixed | Not in release |
| linux-lowlatency-hwe-5.19 | — | Not in release | Ignored | Not in release | Not in release |
| linux-lowlatency-hwe-6.2 | — | Not in release | Ignored | Not in release | Not in release |
| linux-lowlatency-hwe-6.5 | — | Not in release | Ignored | Not in release | Not in release |
| linux-lowlatency-hwe-6.8 | — | Not in release | Fixed | Not in release | Not in release |
| linux-lowlatency-hwe-6.11 | — | Fixed | Not in release | Not in release | Not in release |
| linux-nvidia | — | Fixed | Fixed | Not in release | Not in release |
| linux-nvidia-6.2 | — | Not in release | Ignored | Not in release | Not in release |
| linux-nvidia-6.5 | — | Not in release | Ignored | Not in release | Not in release |
| linux-nvidia-6.8 | — | Not in release | Fixed | Not in release | Not in release |
| linux-nvidia-lowlatency | — | Fixed | Not in release | Not in release | Not in release |
| linux-oracle | — | Fixed | Fixed | Fixed | Vulnerable |
| linux-oracle-5.0 | — | Not in release | Not in release | Not in release | Ignored |
| linux-oracle-5.3 | — | Not in release | Not in release | Not in release | Ignored |
| linux-oracle-5.4 | — | Not in release | Not in release | Not in release | Fixed |
| linux-oracle-5.8 | — | Not in release | Not in release | Ignored | Not in release |
| linux-oracle-5.11 | — | Not in release | Not in release | Ignored | Not in release |
| linux-oracle-5.13 | — | Not in release | Not in release | Ignored | Not in release |
| linux-oracle-5.15 | — | Not in release | Not in release | Fixed | Not in release |
| linux-oracle-6.5 | — | Not in release | Ignored | Not in release | Not in release |
| linux-oracle-6.8 | — | Not in release | Fixed | Not in release | Not in release |
| linux-oem | — | Not in release | Not in release | Not in release | Ignored |
| linux-oem-5.6 | — | Not in release | Not in release | Ignored | Not in release |
| linux-oem-5.10 | — | Not in release | Not in release | Ignored | Not in release |
| linux-oem-5.13 | — | Not in release | Not in release | Ignored | Not in release |
| linux-oem-5.14 | — | Not in release | Not in release | Ignored | Not in release |
| linux-oem-5.17 | — | Not in release | Ignored | Not in release | Not in release |
| linux-oem-6.0 | — | Not in release | Ignored | Not in release | Not in release |
| linux-oem-6.1 | — | Not in release | Ignored | Not in release | Not in release |
| linux-oem-6.5 | — | Not in release | Ignored | Not in release | Not in release |
| linux-oem-6.8 | — | Fixed | Not in release | Not in release | Not in release |
| linux-oem-6.11 | — | Fixed | Not in release | Not in release | Not in release |
| linux-oem-osp1 | — | Not in release | Not in release | Not in release | Ignored |
| linux-raspi | — | Fixed | Fixed | Fixed | Not in release |
| linux-raspi2 | — | Not in release | Not in release | Ignored | Ignored |
| linux-raspi2-5.3 | — | Not in release | Not in release | Not in release | Ignored |
| linux-raspi-5.4 | — | Not in release | Not in release | Not in release | Fixed |
| linux-raspi-realtime | — | Fixed | Not in release | Not in release | Not in release |
| linux-realtime | — | Fixed | Fixed | Not in release | Not in release |
| linux-riscv | — | Ignored | Ignored | Ignored | Not in release |
| linux-riscv-5.8 | — | Not in release | Not in release | Ignored | Not in release |
| linux-riscv-5.11 | — | Not in release | Not in release | Ignored | Not in release |
| linux-riscv-5.15 | — | Not in release | Not in release | Fixed | Not in release |
| linux-riscv-5.19 | — | Not in release | Ignored | Not in release | Not in release |
| linux-riscv-6.5 | — | Not in release | Ignored | Not in release | Not in release |
| linux-riscv-6.8 | — | Not in release | Fixed | Not in release | Not in release |
| linux-snapdragon | — | Not in release | Not in release | Not in release | Ignored |
| linux-starfive | — | Not in release | Not in release | Not in release | Not in release |
| linux-starfive-5.19 | — | Not in release | Ignored | Not in release | Not in release |
| linux-starfive-6.2 | — | Not in release | Ignored | Not in release | Not in release |
| linux-starfive-6.5 | — | Not in release | Ignored | Not in release | Not in release |
| linux-xilinx-zynqmp | — | Not in release | Fixed | Fixed | Not in release |
| linux-nvidia-tegra | — | Fixed | Fixed | Not in release | Not in release |
| linux-nvidia-tegra-igx | — | Not in release | Fixed | Not in release | Not in release |
| linux-azure-nvidia | — | Fixed | Not in release | Not in release | Not in release |
| linux-azure-6.11 | — | Fixed | Not in release | Not in release | Not in release |
| linux-gcp-6.11 | — | Fixed | Not in release | Not in release | Not in release |
| linux-nvidia-tegra-5.15 | — | Not in release | Not in release | Fixed | Not in release |
| linux-oem-6.14 | — | Not affected | Not in release | Not in release | Not in release |
| linux-riscv-6.14 | — | Not affected | Not in release | Not in release | Not in release |
| linux-ibm-6.8 | — | Not in release | Fixed | Not in release | Not in release |
| linux-aws-6.14 | — | Not affected | Not in release | Not in release | Not in release |
| linux-gcp-6.14 | — | Not affected | Not in release | Not in release | Not in release |
| linux-hwe-6.14 | — | Not affected | Not in release | Not in release | Not in release |
| linux-oracle-6.14 | — | Not affected | Not in release | Not in release | Not in release |
| linux-nvidia-6.11 | — | Fixed | Not in release | Not in release | Not in release |
| linux-realtime-6.14 | — | Not affected | Not in release | Not in release | Not in release |
| linux-realtime-6.8 | — | Not in release | Fixed | Not in release | Not in release |
| linux-azure-6.14 | — | Not affected | Not in release | Not in release | Not in release |
| linux-azure-fde-6.14 | — | Not affected | Not in release | Not in release | Not in release |
| linux-azure-nvidia-6.14 | — | Not affected | Not in release | Not in release | Not in release |
| linux-xilinx | — | Fixed | Not in release | Not in release | Not in release |
| linux-oem-6.17 | — | Not affected | Not in release | Not in release | Not in release |
| linux-azure-fde-6.8 | — | Not in release | Not affected | Not in release | Not in release |
| linux-aws-6.17 | — | Not affected | Not in release | Not in release | Not in release |
| linux-gcp-6.17 | — | Not affected | Not in release | Not in release | Not in release |
| linux-hwe-6.17 | — | Not affected | Not in release | Not in release | Not in release |
| linux-oracle-6.17 | — | Not affected | Not in release | Not in release | Not in release |
| linux-riscv-6.17 | — | Not affected | Not in release | Not in release | Not in release |
| linux-azure-6.17 | — | Not affected | Not in release | Not in release | Not in release |
| linux-azure-fde-6.17 | — | Not affected | Not in release | Not in release | Not in release |
| linux-realtime-6.17 | — | Not affected | Not in release | Not in release | Not in release |
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
1 affected package
cifs-utils
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cifs-utils | — | Not affected | Fixed | Fixed | Fixed |
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
1 affected package
cifs-utils
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cifs-utils | — | Not affected | Fixed | Fixed | Fixed |
Some fixes available 4 of 6
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data...
1 affected package
cifs-utils
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cifs-utils | — | Not affected | Not affected | Fixed | Fixed |
It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo...
1 affected package
cifs-utils
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cifs-utils | — | Fixed | Fixed | Fixed | Fixed |
Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors.
1 affected package
cifs-utils
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cifs-utils | — | — | — | — | — |
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
1 affected package
cifs-utils
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cifs-utils | — | — | — | Not affected | Not affected |
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.
2 affected packages
cifs-utils, samba
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cifs-utils | — | — | — | — | — |
| samba | — | — | — | — | — |
Some fixes available 3 of 5
The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local...
2 affected packages
cifs-utils, samba
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cifs-utils | — | — | — | — | — |
| samba | — | — | — | — | — |
Some fixes available 4 of 6
smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows...
2 affected packages
cifs-utils, samba
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cifs-utils | — | — | — | — | — |
| samba | — | — | — | — | — |