VYPR
High severity7.1NVD Advisory· Published Jun 1, 2026· Updated Jun 9, 2026

CVE-2026-46243

CVE-2026-46243

Description

In the Linux kernel, the following vulnerability has been resolved:

smb: client: reject userspace cifs.spnego descriptions

cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cifs.upcall treats as kernel-originating inputs. However, userspace can also create keys of this type through request_key(2) or add_key(2), allowing those fields to be supplied without CIFS origin.

Only accept cifs.spnego descriptions while CIFS is using its private spnego_cred to request the key.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

232

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.