CVE-2026-46243
Linux Kernel SMB Client SPNEGO Key Validation Bypass
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | to 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's SMB client implementation related to handling cifs.spnego key descriptions.
The cifs.spnego key descriptions include authority-bearing fields such as pid, uid, creduid, and upcall_target, which the kernel component cifs.upcall assumes are only provided by the kernel itself.
However, userspace programs can create keys of this type using system calls like request_key(2) or add_key(2), allowing them to supply these authority-bearing fields without going through the CIFS kernel origin.
The vulnerability was resolved by ensuring that only cifs.spnego descriptions created using CIFS's private spnego_cred are accepted when CIFS requests the key.
How can this vulnerability impact me? :
This vulnerability could allow userspace processes to supply forged authority-bearing fields to the kernel's SMB client, potentially leading to unauthorized access or privilege escalation within the CIFS subsystem.
By accepting user-supplied cifs.spnego key descriptions without proper validation, the kernel might trust incorrect identity or credential information, which could impact system security.