VYPR
Vendor

cifs-utils

Products
2
CVEs
6
Across products
6
Status
Private

Products

2

Recent CVEs

6
  • CVE-2026-12505impJun 16, 2026
    risk 0.51cvss 7.8epss 0.00

    cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

  • CVE-2025-2312MedMar 25, 2025
    risk 0.38cvss 5.9epss 0.00

    A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos…

  • CVE-2021-20208MedApr 19, 2021
    risk 0.33cvss 6.1epss 0.01

    A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.

  • CVE-2012-1586Aug 27, 2012
    risk 0.03cvss epss 0.01

    mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.

  • CVE-2022-29869MedApr 28, 2022
    risk 0.00cvss 5.3epss 0.02

    cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.

  • CVE-2022-27239HigApr 27, 2022
    risk 0.00cvss 7.8epss 0.01

    In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.