Fluid Attacks Database

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before building DACL pointers parse_sec_desc(), build_sec_desc(), and the chown path in id_mode_to_cifs_acl() all add the server-supplied dacloffset to pntsd before proving a DACL header fits inside the returned security descriptor. On 32-bit builds a malicious server can return dacloffset near U32_MAX, wrap the derived DACL pointer below end_of_acl, and then slip past the later pointer-based bounds checks. build_sec_desc() and id_mode_to_cifs_acl() can then dereference DACL fields from the wrapped pointer in the chmod/chown rewrite paths. Validate dacloffset numerically before building any DACL pointer and reuse the same helper at the three DACL entry points.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	linux	=6.12.38-1 \|\| =6.12.41-1 \|\| =6.12.43-1 \|\| =6.12.43-1~bpo12+1 \|\| =6.12.48-1 \|\| =6.12.57-1 \|\| =6.12.57-1~bpo12+1 \|\| =6.12.63-1 \|\| =6.12.63-1~bpo12+1 \|\| =6.12.69-1 \|\| =6.12.69-1~bpo12+1 \|\| =6.12.73-1 \|\| =6.12.73-1~bpo12+1 \|\| =6.12.74-1 \|\| =6.12.74-2 \|\| =6.12.74-2~bpo12+1 \|\| =6.12.85-1 \|\| =6.12.85-1~bpo12+1 \|\| =6.12.86-1 \|\| =6.12.86-1~bpo12+1 \|\| =6.12.88-1 \|\| =6.12.88-1~bpo12+1 \|\| =6.12.90-1 \|\| =6.12.90-1~bpo12+1 \|\| =6.12.90-2 \|\| =6.12.90-2~bpo12+1 \|\| =6.13.10-1~exp1 \|\| =6.13.11-1~exp1 \|\| =6.13.2-1~exp1 \|\| =6.13.3-1~exp1 \|\| =6.13.4-1~exp1 \|\| =6.13.5-1~exp1 \|\| =6.13.6-1~exp1 \|\| =6.13.7-1~exp1 \|\| =6.13.8-1~exp1 \|\| =6.13.9-1~exp1 \|\| =6.13~rc6-1~exp1 \|\| =6.13~rc7-1~exp1 \|\| =6.14.3-1~exp1 \|\| =6.14.5-1~exp1 \|\| =6.14.6-1~exp1 \|\| =6.15-1~exp1 \|\| =6.15.1-1~exp1 \|\| =6.15.2-1~exp1 \|\| =6.15.3-1~exp1 \|\| =6.15.4-1~exp1 \|\| =6.15.5-1~exp1 \|\| =6.15.6-1~exp1 \|\| =6.15~rc7-1~exp1 \|\| =6.16-1~exp1 \|\| =6.16.1-1~exp1 \|\| =6.16.10-1 \|\| =6.16.11-1 \|\| =6.16.12-1 \|\| =6.16.12-1~bpo13+1 \|\| =6.16.12-2 \|\| =6.16.3-1 \|\| =6.16.3-1~bpo13+1 \|\| =6.16.5-1 \|\| =6.16.6-1 \|\| =6.16.7-1 \|\| =6.16.8-1 \|\| =6.16.9-1 \|\| =6.16~rc7-1~exp1 \|\| =6.17.10-1 \|\| =6.17.11-1 \|\| =6.17.12-1 \|\| =6.17.13-1 \|\| =6.17.13-1~bpo13+1 \|\| =6.17.2-1~exp1 \|\| =6.17.5-1~exp1 \|\| =6.17.6-1 \|\| =6.17.7-1 \|\| =6.17.7-2 \|\| =6.17.8-1 \|\| =6.17.8-1~bpo13+1 \|\| =6.17.9-1 \|\| =6.18.1-1~exp1 \|\| =6.18.10-1 \|\| =6.18.12-1 \|\| =6.18.12-1~bpo13+1 \|\| =6.18.13-1 \|\| =6.18.14-1 \|\| =6.18.15-1 \|\| =6.18.15-1~bpo13+1 \|\| =6.18.2-1~exp1 \|\| =6.18.3-1 \|\| =6.18.5-1 \|\| =6.18.5-1~bpo13+1 \|\| =6.18.8-1 \|\| =6.18.9-1 \|\| =6.18.9-1~bpo13+1 \|\| =6.18~rc4-1~exp1 \|\| =6.18~rc4-1~exp2 \|\| =6.18~rc5-1~exp1 \|\| =6.18~rc6-1~exp1 \|\| =6.18~rc7-1~exp1 \|\| =6.19-1~exp1 \|\| =6.19.10-1 \|\| =6.19.10-1~bpo13+1 \|\| =6.19.11-1 \|\| =6.19.11-1~bpo13+1 \|\| =6.19.12-1 \|\| =6.19.13-1 \|\| =6.19.13-1~bpo13+1 \|\| =6.19.14-1 \|\| =6.19.14-1~bpo13+1 \|\| =6.19.2-1~exp1 \|\| =6.19.3-1~exp1 \|\| =6.19.4-1~exp1 \|\| =6.19.5-1~exp1 \|\| =6.19.6-1 \|\| =6.19.6-2 \|\| =6.19.6-2~bpo13+1 \|\| =6.19.8-1 \|\| =6.19.8-1~bpo13+1 \|\| =6.19~rc4-1~exp1 \|\| =6.19~rc5-1~exp1 \|\| =6.19~rc6-1~exp1 \|\| =6.19~rc7-1~exp1 \|\| =6.19~rc8-1~exp1 \|\| =7.0-1~exp1 \|\| =7.0.1-1~exp1 \|\| =7.0.3-1 \|\| =7.0.4-1 \|\| =7.0.4-1~bpo13+1 \|\| =7.0.7-1~bpo13+1 \|\| >=0 <7.0.7-1	7.0.7-1
debian 12	linux	=6.1.106-1 \|\| =6.1.106-2 \|\| =6.1.106-3 \|\| =6.1.112-1 \|\| =6.1.115-1 \|\| =6.1.119-1 \|\| =6.1.123-1 \|\| =6.1.124-1 \|\| =6.1.128-1 \|\| =6.1.129-1 \|\| =6.1.133-1 \|\| =6.1.135-1 \|\| =6.1.137-1 \|\| =6.1.139-1 \|\| =6.1.140-1 \|\| =6.1.147-1 \|\| =6.1.148-1 \|\| =6.1.153-1 \|\| =6.1.158-1 \|\| =6.1.159-1 \|\| =6.1.162-1 \|\| =6.1.164-1 \|\| =6.1.170-1 \|\| =6.1.170-2 \|\| =6.1.170-3 \|\| =6.1.172-1 \|\| =6.1.174-1 \|\| =6.1.27-1 \|\| =6.1.37-1 \|\| =6.1.38-1 \|\| =6.1.38-2 \|\| =6.1.38-2~bpo11+1 \|\| =6.1.38-3 \|\| =6.1.38-4 \|\| =6.1.38-4~bpo11+1 \|\| =6.1.52-1 \|\| =6.1.55-1 \|\| =6.1.55-1~bpo11+1 \|\| =6.1.64-1 \|\| =6.1.66-1 \|\| =6.1.67-1 \|\| =6.1.69-1 \|\| =6.1.69-1~bpo11+1 \|\| =6.1.76-1 \|\| =6.1.76-1~bpo11+1 \|\| =6.1.82-1 \|\| =6.1.85-1 \|\| =6.1.90-1 \|\| =6.1.90-1~bpo11+1 \|\| =6.1.94-1 \|\| =6.1.94-1~bpo11+1 \|\| =6.1.98-1 \|\| =6.1.99-1 \|\| =6.10-1~exp1 \|\| =6.10.1-1~exp1 \|\| =6.10.11-1 \|\| =6.10.11-1~bpo12+1 \|\| =6.10.12-1 \|\| =6.10.3-1 \|\| =6.10.4-1 \|\| =6.10.6-1 \|\| =6.10.6-1~bpo12+1 \|\| =6.10.7-1 \|\| =6.10.9-1 \|\| =6.11-1~exp1 \|\| =6.11.10-1 \|\| =6.11.10-1~bpo12+1 \|\| =6.11.2-1 \|\| =6.11.4-1 \|\| =6.11.5-1 \|\| =6.11.5-1~bpo12+1 \|\| =6.11.6-1 \|\| =6.11.7-1 \|\| =6.11.9-1 \|\| =6.11~rc4-1~exp1 \|\| =6.11~rc5-1~exp1 \|\| =6.12.10-1 \|\| =6.12.11-1 \|\| =6.12.11-1+alpha \|\| =6.12.11-1+alpha.1 \|\| =6.12.12-1 \|\| =6.12.12-1~bpo12+1 \|\| =6.12.13-1 \|\| =6.12.15-1 \|\| =6.12.16-1 \|\| =6.12.17-1 \|\| =6.12.19-1 \|\| =6.12.20-1 \|\| =6.12.21-1 \|\| =6.12.22-1 \|\| =6.12.22-1~bpo12+1 \|\| =6.12.25-1 \|\| =6.12.27-1 \|\| =6.12.27-1~bpo12+1 \|\| =6.12.29-1 \|\| =6.12.3-1 \|\| =6.12.30-1 \|\| =6.12.30-1~bpo12+1 \|\| =6.12.31-1 \|\| =6.12.32-1 \|\| =6.12.32-1~bpo12+1 \|\| =6.12.33-1 \|\| =6.12.33-1~bpo12+1 \|\| =6.12.35-1 \|\| =6.12.35-1~bpo12+1 \|\| =6.12.37-1 \|\| =6.12.38-1 \|\| =6.12.38-1~bpo12+1 \|\| =6.12.41-1 \|\| =6.12.43-1 \|\| =6.12.43-1~bpo12+1 \|\| =6.12.48-1 \|\| =6.12.5-1 \|\| =6.12.57-1 \|\| =6.12.57-1~bpo12+1 \|\| =6.12.6-1 \|\| =6.12.63-1 \|\| =6.12.63-1~bpo12+1 \|\| =6.12.69-1 \|\| =6.12.69-1~bpo12+1 \|\| =6.12.73-1 \|\| =6.12.73-1~bpo12+1 \|\| =6.12.74-1 \|\| =6.12.74-2 \|\| =6.12.74-2~bpo12+1 \|\| =6.12.8-1 \|\| =6.12.85-1 \|\| =6.12.85-1~bpo12+1 \|\| =6.12.86-1 \|\| =6.12.86-1~bpo12+1 \|\| =6.12.88-1 \|\| =6.12.88-1~bpo12+1 \|\| =6.12.9-1 \|\| =6.12.9-1+alpha \|\| =6.12.9-1~bpo12+1 \|\| =6.12.90-1 \|\| =6.12.90-1~bpo12+1 \|\| =6.12.90-2 \|\| =6.12.90-2~bpo12+1 \|\| =6.12~rc6-1~exp1 \|\| =6.13.10-1~exp1 \|\| =6.13.11-1~exp1 \|\| =6.13.2-1~exp1 \|\| =6.13.3-1~exp1 \|\| =6.13.4-1~exp1 \|\| =6.13.5-1~exp1 \|\| =6.13.6-1~exp1 \|\| =6.13.7-1~exp1 \|\| =6.13.8-1~exp1 \|\| =6.13.9-1~exp1 \|\| =6.13~rc6-1~exp1 \|\| =6.13~rc7-1~exp1 \|\| =6.14.3-1~exp1 \|\| =6.14.5-1~exp1 \|\| =6.14.6-1~exp1 \|\| =6.15-1~exp1 \|\| =6.15.1-1~exp1 \|\| =6.15.2-1~exp1 \|\| =6.15.3-1~exp1 \|\| =6.15.4-1~exp1 \|\| =6.15.5-1~exp1 \|\| =6.15.6-1~exp1 \|\| =6.15~rc7-1~exp1 \|\| =6.16-1~exp1 \|\| =6.16.1-1~exp1 \|\| =6.16.10-1 \|\| =6.16.11-1 \|\| =6.16.12-1 \|\| =6.16.12-1~bpo13+1 \|\| =6.16.12-2 \|\| =6.16.3-1 \|\| =6.16.3-1~bpo13+1 \|\| =6.16.5-1 \|\| =6.16.6-1 \|\| =6.16.7-1 \|\| =6.16.8-1 \|\| =6.16.9-1 \|\| =6.16~rc7-1~exp1 \|\| =6.17.10-1 \|\| =6.17.11-1 \|\| =6.17.12-1 \|\| =6.17.13-1 \|\| =6.17.13-1~bpo13+1 \|\| =6.17.2-1~exp1 \|\| =6.17.5-1~exp1 \|\| =6.17.6-1 \|\| =6.17.7-1 \|\| =6.17.7-2 \|\| =6.17.8-1 \|\| =6.17.8-1~bpo13+1 \|\| =6.17.9-1 \|\| =6.18.1-1~exp1 \|\| =6.18.10-1 \|\| =6.18.12-1 \|\| =6.18.12-1~bpo13+1 \|\| =6.18.13-1 \|\| =6.18.14-1 \|\| =6.18.15-1 \|\| =6.18.15-1~bpo13+1 \|\| =6.18.2-1~exp1 \|\| =6.18.3-1 \|\| =6.18.5-1 \|\| =6.18.5-1~bpo13+1 \|\| =6.18.8-1 \|\| =6.18.9-1 \|\| =6.18.9-1~bpo13+1 \|\| =6.18~rc4-1~exp1 \|\| =6.18~rc4-1~exp2 \|\| =6.18~rc5-1~exp1 \|\| =6.18~rc6-1~exp1 \|\| =6.18~rc7-1~exp1 \|\| =6.19-1~exp1 \|\| =6.19.10-1 \|\| =6.19.10-1~bpo13+1 \|\| =6.19.11-1 \|\| =6.19.11-1~bpo13+1 \|\| =6.19.12-1 \|\| =6.19.13-1 \|\| =6.19.13-1~bpo13+1 \|\| =6.19.14-1 \|\| =6.19.14-1~bpo13+1 \|\| =6.19.2-1~exp1 \|\| =6.19.3-1~exp1 \|\| =6.19.4-1~exp1 \|\| =6.19.5-1~exp1 \|\| =6.19.6-1 \|\| =6.19.6-2 \|\| =6.19.6-2~bpo13+1 \|\| =6.19.8-1 \|\| =6.19.8-1~bpo13+1 \|\| =6.19~rc4-1~exp1 \|\| =6.19~rc5-1~exp1 \|\| =6.19~rc6-1~exp1 \|\| =6.19~rc7-1~exp1 \|\| =6.19~rc8-1~exp1 \|\| =6.3.1-1~exp1 \|\| =6.3.11-1 \|\| =6.3.2-1~exp1 \|\| =6.3.4-1~exp1 \|\| =6.3.5-1~exp1 \|\| =6.3.7-1 \|\| =6.3.7-1~bpo12+1 \|\| =6.4.1-1~exp1 \|\| =6.4.11-1 \|\| =6.4.13-1 \|\| =6.4.4-1 \|\| =6.4.4-1~bpo12+1 \|\| =6.4.4-2 \|\| =6.4.4-3 \|\| =6.4.4-3~bpo12+1 \|\| =6.4~rc6-1~exp1 \|\| =6.4~rc7-1~exp1 \|\| =6.5.1-1~exp1 \|\| =6.5.10-1 \|\| =6.5.10-1~bpo12+1 \|\| =6.5.13-1 \|\| =6.5.3-1 \|\| =6.5.3-1~bpo12+1 \|\| =6.5.6-1 \|\| =6.5.8-1 \|\| =6.5~rc4-1~exp1 \|\| =6.5~rc6-1~exp1 \|\| =6.5~rc7-1~exp1 \|\| =6.6.11-1 \|\| =6.6.13-1 \|\| =6.6.13-1~bpo12+1 \|\| =6.6.15-1 \|\| =6.6.15-2 \|\| =6.6.3-1~exp1 \|\| =6.6.4-1~exp1 \|\| =6.6.7-1~exp1 \|\| =6.6.8-1 \|\| =6.6.9-1 \|\| =6.7-1~exp1 \|\| =6.7.1-1~exp1 \|\| =6.7.12-1 \|\| =6.7.12-1~bpo12+1 \|\| =6.7.4-1~exp1 \|\| =6.7.7-1 \|\| =6.7.9-1 \|\| =6.7.9-2 \|\| =6.8.11-1 \|\| =6.8.12-1 \|\| =6.8.12-1~bpo12+1 \|\| =6.8.9-1 \|\| =6.9.10-1 \|\| =6.9.10-1~bpo12+1 \|\| =6.9.11-1 \|\| =6.9.12-1 \|\| =6.9.2-1~exp1 \|\| =6.9.7-1 \|\| =6.9.7-1~bpo12+1 \|\| =6.9.8-1 \|\| =6.9.9-1 \|\| =7.0-1~exp1 \|\| =7.0.1-1~exp1 \|\| =7.0.10-1 \|\| =7.0.10-1~bpo13+1 \|\| =7.0.3-1 \|\| =7.0.4-1 \|\| =7.0.4-1~bpo13+1 \|\| =7.0.7-1 \|\| =7.0.7-1~bpo13+1 \|\| =7.0.9-1 \|\| =7.0.9-1~bpo13+1 \|\| =7.1~rc2-1~exp1 \|\| =7.1~rc3-1~exp1 \|\| =7.1~rc4-1~exp1 \|\| =7.1~rc4-1~exp2 \|\| =7.1~rc5-1~exp1	-
debian 13	linux	=6.12.38-1 \|\| =6.12.41-1 \|\| =6.12.43-1 \|\| =6.12.43-1~bpo12+1 \|\| =6.12.48-1 \|\| =6.12.57-1 \|\| =6.12.57-1~bpo12+1 \|\| =6.12.63-1 \|\| =6.12.63-1~bpo12+1 \|\| =6.12.69-1 \|\| =6.12.69-1~bpo12+1 \|\| =6.12.73-1 \|\| =6.12.73-1~bpo12+1 \|\| =6.12.74-1 \|\| =6.12.74-2 \|\| =6.12.74-2~bpo12+1 \|\| =6.12.85-1 \|\| =6.12.85-1~bpo12+1 \|\| =6.12.86-1 \|\| =6.12.86-1~bpo12+1 \|\| =6.12.88-1~bpo12+1 \|\| >=0 <6.12.88-1	6.12.88-1
rpm rhel9	kernel	-	-
rpm rhel8	kernel-rt	-	-
rpm rhel9	kernel-rt	-	-
rpm rhel10	kernel	-	-
rpm rhel8	kernel	-	-

Aliases

1. CVE-2026-461952. NVD-2026-461953. OSV-DEBIAN-2026-461954. OSV-2026-461955. SECURITY-TRACKER-CVE-2026-46195

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.