Kernel: CIFS spnego key authority fields misinterpreted
CVE-2026-46243 Published on June 1, 2026
In the Linux kernel, the following vulnerability has been resolved:
smb: client: reject userspace cifs.spnego descriptions
cifs.spnego key descriptions contain authority-bearing fields such as
pid, uid, creduid, and upcall_target that cifs.upcall treats as
kernel-originating inputs. However, userspace can also create keys of
this type through request_key(2) or add_key(2), allowing those fields to
be supplied without CIFS origin.
Only accept cifs.spnego descriptions while CIFS is using its private
spnego_cred to request the key.
Vulnerability Analysis
CVE-2026-46243 can be exploited with local system access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. A proof of concept (PoC) exploit for CVE-2026-46243 is publicly available. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2026-46243
Affected Versions
Linux:
- Version 2.6.24 is affected.
- Before 2.6.24 is unaffected.
- Versions 5.10.258 through 5.10.* are unaffected.
- Versions 5.15.209 through 5.15.* are unaffected.
- Versions 6.1.175 through 6.1.* are unaffected.
- Versions 6.6.142 through 6.6.* are unaffected.
- Versions 6.12.92 through 6.12.* are unaffected.
- Versions 6.18.34 through 6.18.* are unaffected.
- Versions 7.0.11 through 7.0.* are unaffected.
- Versions 7.1-rc5 and later are unaffected.
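The version ranges listed above can be turned into a check on an upstream-style release string such as the output of `uname -r`. This is an added example, not code from the advisory or the kernel project; the function names and sample release strings are constructed. It assumes upstream version numbering, so a distribution kernel that backports the fix under its own numbering has to be checked against the vendor's advisory instead.

```python
import re

# Values copied from the "Affected Versions" list above (upstream numbering).
FIRST_AFFECTED = (2, 6, 24)
FIXED_IN_BRANCH = {            # stable branch -> first unaffected patch level
    (5, 10): 258, (5, 15): 209, (6, 1): 175, (6, 6): 142,
    (6, 12): 92, (6, 18): 34, (7, 0): 11,
}
MAINLINE_FIX = (7, 1, 0, 5)    # 7.1-rc5 as (major, minor, patch, rc)

_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")
FINAL = float("inf")           # a final release sorts after its -rc builds


def parse_release(release):
    """Split an upstream-style release string into (major, minor, patch, rc)."""
    m = _RELEASE.match(release.strip())
    if m is None:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    rc = int(m.group(4)) if m.group(4) else FINAL
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0), rc


def cve_2026_46243_status(release):
    """Return 'affected' or 'unaffected' according to the ranges on this page."""
    major, minor, patch, rc = parse_release(release)
    if (major, minor, patch) < FIRST_AFFECTED:
        return "unaffected"                      # predates 2.6.24
    if (major, minor, patch, rc) >= MAINLINE_FIX:
        return "unaffected"                      # 7.1-rc5 or later
    fixed = FIXED_IN_BRANCH.get((major, minor))
    if fixed is not None and patch >= fixed:
        return "unaffected"                      # fixed stable release
    return "affected"                            # includes branches with no listed fix


if __name__ == "__main__":
    # Constructed sample release strings, not taken from real hosts.
    for rel in ["6.6.141", "6.6.142-generic", "6.8.12", "7.1-rc4", "7.1.0", "2.6.23"]:
        print(f"{rel:18} {cve_2026_46243_status(rel)}")
```

A branch with no fixed release in the list (6.8.x in the sample input) is reported as affected, because the page lists no unaffected version for it.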