Description
This CVE ID has been rejected or withdrawn.
Published: 2026-05-12
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Linux ksmbd contains a remote memory corruption flaw that occurs when a remote client creates a directory and sets a malicious DACL with a malformed SID. The crafted SID expands the num_subauth field, causing a heap out‑of‑bounds read followed by heap corruption during ACL inheritance. This memory corruption can lead to kernel instability, a denial‑of‑service condition, or, in the worst case, privilege escalation to kernel code execution. The weakness is a classic out‑of‑bounds read (CWE‑125).

Affected Systems

The affected product is the Linux ksmbd SMB server component. The CVE marks the vendor as Linux:ksmbd, but no specific kernel or ksmbd release versions are listed in the data. All systems running a version of ksmbd that includes the flawed ACL inheritance logic are potentially vulnerable, with no version or patch information provided in the available dataset.

Risk and Exploitability

The flaw scores a high CVSS value of 8.7, indicating a severe risk. No EPSS score was provided, and the vulnerability is not yet listed in the CISA KEV catalog. Attackers can exploit the weakness remotely by authenticating to the SMB service with directory creation rights, performing an SMB2_SET_INFO operation to assign the rogue DACL, and then creating child objects to trigger the out‑of‑bounds read. Because the vulnerability operates at the kernel level, it offers a pathway for privilege escalation once the memory corruption succeeds. The lack of an immediate patch in the current data set heightens urgency, especially for exposed SMB services.

Generated by OpenCVE AI on May 12, 2026 at 23:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Linux kernel or ksmbd patch that corrects the ACL inheritance memory corruption flaw.
  • Restrict SMB traffic to trusted hosts and limit directory creation permissions to verified users.
  • Disable ACL inheritance on SMB shares or enforce strict access controls to prevent malicious SID injections.

Generated by OpenCVE AI on May 12, 2026 at 23:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 14 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title kernel: ksmbd: Linux ksmbd: Privilege Escalation via crafted DACL in ACL inheritance
Weaknesses CWE-805
References
Metrics threat_severity

None

 cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important

Wed, 13 May 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}

Wed, 13 May 2026 15:15:00 +0000

Type Values Removed Values Added
Description Linux ksmbd contains a remote memory corruption vulnerability in the ACL inheritance path that allows remote clients with directory creation permissions to trigger a heap out-of-bounds read and subsequent heap corruption by setting a crafted DACL with a malformed SID containing an inflated num_subauth field. Attackers can exploit this vulnerability by creating a directory, setting the malicious DACL via SMB2_SET_INFO, and creating child entries to cause kernel instability, denial of service, or potentially achieve privilege escalation to kernel code execution. This CVE ID has been rejected or withdrawn.
Title Linux ksmbd Remote Memory Corruption via ACL Inheritance
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

 cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}

Wed, 13 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux ksmbd
Vendors & Products Linux
Linux ksmbd

Tue, 12 May 2026 22:00:00 +0000

Type Values Removed Values Added
Description Linux ksmbd contains a remote memory corruption vulnerability in the ACL inheritance path that allows remote clients with directory creation permissions to trigger a heap out-of-bounds read and subsequent heap corruption by setting a crafted DACL with a malformed SID containing an inflated num_subauth field. Attackers can exploit this vulnerability by creating a directory, setting the malicious DACL via SMB2_SET_INFO, and creating child entries to cause kernel instability, denial of service, or potentially achieve privilege escalation to kernel code execution.
Title Linux ksmbd Remote Memory Corruption via ACL Inheritance
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Linux Ksmbd
cve-icon MITRE

Status: REJECTED

Assigner: VulnCheck

Published:

Updated: 2026-05-13T15:14:52.974Z

Reserved: 2026-05-12T21:15:19.856Z

Link: CVE-2026-8449

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Rejected

Published: 2026-05-12T22:16:38.730

Modified: 2026-05-13T16:17:05.807

Link: CVE-2026-8449

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-12T21:34:59Z

Links: CVE-2026-8449 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T10:35:23Z

Weaknesses