Description
In the Linux kernel, the following vulnerability has been resolved:

smb: client: reject userspace cifs.spnego descriptions

cifs.spnego key descriptions contain authority-bearing fields such as
pid, uid, creduid, and upcall_target that cifs.upcall treats as
kernel-originating inputs. However, userspace can also create keys of
this type through request_key(2) or add_key(2), allowing those fields to
be supplied without CIFS origin.

Only accept cifs.spnego descriptions while CIFS is using its private
spnego_cred to request the key.
Published: 2026-06-01
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel validated cifs.spnego key descriptions as if they were created within the CIFS subsystem, but the key fields such as pid, uid, creduid, and upcall_target can be supplied by userspace via request_key(2) or add_key(2). Because the kernel treats these fields as kernel‑originating inputs, an attacker who can create a cifs.spnego key can inject arbitrary authority information and potentially gain elevated privileges or bypass permission checks. This vulnerability involves improper input validation (CWE‑20) and improper authority handling (CWE‑825), and may lead to kernel‑level privilege escalation.

Affected Systems

The vulnerability affects the Linux kernel broadly; the specific affected vendor and product list includes generic Linux:Linux kernel releases. No fixed version is listed, so kernel versions before the patch that introduced this fix are considered vulnerable.

Risk and Exploitability

The CVSS score is 7.1, indicating a high severity flaw. The EPSS score is less than 1%, indicating a very low probability of exploitation. The vulnerability is not listed in CISA's KEV catalog. The attack vector is likely local or through privileged user accounts that can create keys. An attacker could exploit the vulnerability to gain root or otherwise alter keyring data that the kernel trusts, thereby escalating privileges.

Generated by OpenCVE AI on June 9, 2026 at 23:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the most recent Linux kernel update that contains the fix referenced by the provided commit links
  • Revise keyring policy to restrict creation of cifs.spnego keys to root or the CIFS subsystem, for example by adjusting keyring access rights or using a keyring with restricted creation permissions
  • If an immediate kernel update is not feasible, delete or invalidate any existing cifs.spnego keys on the system and monitor keyring activity for suspicious key creation

Generated by OpenCVE AI on June 9, 2026 at 23:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:2.6.24:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.24:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.24:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.24:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.24:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.24:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.24:rc8:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*

Fri, 05 Jun 2026 06:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}

Tue, 02 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-825
References
Metrics threat_severity

None

 threat_severity

Important

Mon, 01 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-285

Mon, 01 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
References

Mon, 01 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Linux kernel
Weaknesses CWE-20
CWE-285
Vendors & Products Linux kernel
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Mon, 01 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cifs.upcall treats as kernel-originating inputs. However, userspace can also create keys of this type through request_key(2) or add_key(2), allowing those fields to be supplied without CIFS origin. Only accept cifs.spnego descriptions while CIFS is using its private spnego_cred to request the key.
Title smb: client: reject userspace cifs.spnego descriptions
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Kernel Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T18:05:20.395Z

Reserved: 2026-05-13T15:03:33.107Z

Link: CVE-2026-46243

cve-icon Vulnrichment

Updated: 2026-06-01T18:55:00.540Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-01T17:17:34.173

Modified: 2026-06-09T20:47:29.000

Link: CVE-2026-46243

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-26T00:00:00Z

Links: CVE-2026-46243 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T23:30:05Z

Weaknesses