cifs-utils
Products
2- 5 CVEs
- 1 CVE
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-12505 | imp | 0.51 | 7.8 | 0.00 | Jun 16, 2026 | cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall | ||
| CVE-2025-2312 | Med | 0.38 | 5.9 | 0.00 | Mar 25, 2025 | A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos… | ||
| CVE-2021-20208 | Med | 0.33 | 6.1 | 0.01 | Apr 19, 2021 | A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity. | ||
| CVE-2012-1586 | 0.03 | — | 0.01 | Aug 27, 2012 | mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message. | |||
| CVE-2022-29869 | Med | 0.00 | 5.3 | 0.02 | Apr 28, 2022 | cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. | ||
| CVE-2022-27239 | Hig | 0.00 | 7.8 | 0.01 | Apr 27, 2022 | In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. |
- risk 0.51cvss 7.8epss 0.00
cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall
- risk 0.38cvss 5.9epss 0.00
A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos…
- risk 0.33cvss 6.1epss 0.01
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
- CVE-2012-1586Aug 27, 2012risk 0.03cvss —epss 0.01
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
- risk 0.00cvss 5.3epss 0.02
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
- risk 0.00cvss 7.8epss 0.01
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.