Linux Kernel Vulnerability in cifs.spnego Key Descriptions
CVE-2026-46243
What is CVE-2026-46243?
A vulnerability exists in the Linux kernel in the handling of cifs.spnego key descriptions. The issue arises from the way authority-bearing fields, such as pid, uid, and creduid, are treated by cifs.upcall. Userspace can create cifs.spnego keys using request_key(2) or add_key(2), and may thereby supply these fields without any validation that the key description originated from CIFS. Addressing the issue requires that cifs.spnego descriptions be accepted only when CIFS is using its private spnego_cred to request keys.
Affected Version(s)
Linux f1d662a7d5e5322e583aad6b3cfec03d8f27b435 < 7713bd320ed4fc3d08a227cd8e41242219a16981
Linux f1d662a7d5e5322e583aad6b3cfec03d8f27b435 < 9544559e59438a4b609b2fdfa0763d8360572824
Linux f1d662a7d5e5322e583aad6b3cfec03d8f27b435