7.1
CVE-2026-46243 · EXPLOITED · PATCHED
linux · linux_kernel

smb: client: reject userspace cifs.spnego descriptions

Description

In the Linux kernel, the following vulnerability has been resolved:

smb: client: reject userspace cifs.spnego descriptions

cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cifs.upcall treats as kernel-originating inputs.

However, userspace can also create keys of this type through request_key(2) or add_key(2), allowing those fields to be supplied without CIFS origin.

Only accept cifs.spnego descriptions while CIFS is using its private spnego_cred to request the key.

Affected Products

Vendor | Product | Versions
linux | linux_kernel | f1d662a7d5e5322e583aad6b3cfec03d8f27b435, f1d662a7d5e5322e583aad6b3cfec03d8f27b435, f1d662a7d5e5322e583aad6b3cfec03d8f27b435, f1d662a7d5e5322e583aad6b3cfec03d8f27b435, f1d662a7d5e5322e583aad6b3cfec03d8f27b435, f1d662a7d5e5322e583aad6b3cfec03d8f27b435, f1d662a7d5e5322e583aad6b3cfec03d8f27b435, f1d662a7d5e5322e583aad6b3cfec03d8f27b435, 2.6.24

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
linux | linux | mitre_affected | 90%
open source | open source linux kernel | cert_advisory | 90%

References

  • https://git.kernel.org/stable/c/7713bd320ed4fc3d08a227cd8e41242219a16981
  • https://git.kernel.org/stable/c/9544559e59438a4b609b2fdfa0763d8360572824
  • https://git.kernel.org/stable/c/cf20038657d6d4974349556a34e08fe0490bebbc
  • https://git.kernel.org/stable/c/2035acfb17221729b1b8ac335e941868a04ca079
  • https://git.kernel.org/stable/c/a3bbda6502a9398b816fa2e71c9a3f955f58013d
  • https://git.kernel.org/stable/c/91f89c1d83e80417629791fcef6af8140d7d01c8
  • https://git.kernel.org/stable/c/0aece6685fc80a8de492688ca2315fb86ec379c7
  • https://git.kernel.org/stable/c/3da1fdf4efbc490041eb4f836bf596201203f8f2

Related News (7 articles)

Tier A
Microsoft MSRC · 2h ago
CVE-2026-46243 smb: client: reject userspace cifs.spnego descriptions
→ No new info (linked only)
Tier B
CERT-FR · 9d ago
Multiple vulnerabilities in the Red Hat Linux kernel (June 19, 2026)
→ No new info (linked only)
Tier B
CERT-FR · 23d ago
Multiple vulnerabilities in the Red Hat Linux kernel (June 5, 2026)
→ No new info (linked only)
Tier B
BSI Advisories · 26d ago
[NEW] [medium] Linux Kernel: Vulnerability allows privilege escalation
→ No new info (linked only)
Tier C
VulDB · 26d ago
CVE-2026-46243 | Linux Kernel up to 7.1-rc4 smb upcall_target privilege escalation
→ No new info (linked only)
Tier C
oss-security · 26d ago
Re: CIFSwitch: Linux kernel/cifs-utils local root via forged cifs.spnego upcall
→ No new info (linked only)
Tier C
Linux Kernel CVEs · 26d ago
CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
→ No new info (linked only)
CVSS 3.1: 7.1 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Patch available:
7713bd320ed4fc3d08a227cd8e41242219a16981, 9544559e59438a4b609b2fdfa0763d8360572824, cf20038657d6d4974349556a34e08fe0490bebbc, 2035acfb17221729b1b8ac335e941868a04ca079, a3bbda6502a9398b816fa2e71c9a3f955f58013d, 91f89c1d83e80417629791fcef6af8140d7d01c8, 0aece6685fc80a8de492688ca2315fb86ec379c7, 3da1fdf4efbc490041eb4f836bf596201203f8f2
0, 5.10.258, 5.15.209, 6.1.175, 6.6.142, 6.12.92, 6.18.34, 7.0.11, 7.1-rc5
Published: Jun 1, 2026
Last enriched: 26d ago (v3)
Tags: local root, CIFS, cifs-utils
Trending Score: 86
Source articles: 7
Independent: 6
Info Completeness: 8/14
Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

HIGH · CVE-2026-31431 · EXP · KEV
crypto: algif_aead - Revert to operating out-of-place
Trending: 111
HIGH · CVE-2026-43284 · EXP · KEV
xfrm: esp: avoid in-place decrypt on shared skb frags
Trending: 106
HIGH · CVE-2026-43500 · EXP · KEV
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
Trending: 100
HIGH · CVE-2026-46333 · EXP
ptrace: slightly saner 'get_dumpable()' logic
Trending: 70
HIGH · CVE-2026-52912 · EXP
netfilter: nf_queue: hold bridge skb->dev while queued
Trending: 66

Verification

State: verified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jun 1, 2026
Discovered by ZDM
Jun 1, 2026
Updated: affectedVersions, cweIds, tags
Jun 1, 2026
Updated: description, affectedVersions, severity
Jun 1, 2026
Actively Exploited
Jun 14, 2026
Exploit Available
Jun 14, 2026
Patch Available
Jun 14, 2026

Version History

v3
Last enriched 26d ago
v3 · Tier C · 26d ago

Updated description with critical vulnerability details, changed severity to CRITICAL, and added affected version 7.1-rc4.

Fields: description, affectedVersions, severity
via VulDB
v2 · Tier C · 26d ago

Updated description with technical details, added affected versions, changed severity to HIGH, added CWE-20, and marked exploit as available and actively exploited.

Fields: affectedVersions, cweIds, tags
via oss-security
v1 · 26d ago

Initial creation