CVE-2026-46243

EUVD-2026-33668
In the Linux kernel, the following vulnerability has been resolved:

smb: client: reject userspace cifs.spnego descriptions

cifs.spnego key descriptions contain authority-bearing fields such as
pid, uid, creduid, and upcall_target that cifs.upcall treats as
kernel-originating inputs. However, userspace can also create keys of
this type through request_key(2) or add_key(2), allowing those fields to
be supplied without CIFS origin.

Only accept cifs.spnego descriptions while CIFS is using its private
spnego_cred to request the key.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
6.1.174-1
fixed
bullseye
vulnerable
bullseye (security)
5.10.257-1
fixed
forky
vulnerable
sid
7.0.10-1
fixed
trixie
vulnerable
trixie (security)
6.12.90-2
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/0aece6685fc80a8de492688ca2315fb86ec379c7
https://git.kernel.org/stable/c/2035acfb17221729b1b8ac335e941868a04ca079
https://git.kernel.org/stable/c/3da1fdf4efbc490041eb4f836bf596201203f8f2
https://git.kernel.org/stable/c/7713bd320ed4fc3d08a227cd8e41242219a16981
https://git.kernel.org/stable/c/91f89c1d83e80417629791fcef6af8140d7d01c8
https://git.kernel.org/stable/c/9544559e59438a4b609b2fdfa0763d8360572824
https://git.kernel.org/stable/c/a3bbda6502a9398b816fa2e71c9a3f955f58013d
https://git.kernel.org/stable/c/cf20038657d6d4974349556a34e08fe0490bebbc
http://www.openwall.com/lists/oss-security/2026/06/01/6
https://github.com/manizada/CIFSwitch