SpirityCVE

This CVE ID has been rejected or withdrawn.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Ksmbd

No data.

References

No reference.

History

Wed, 13 May 2026 16:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-125
References	https://github.com/torvalds/linux/blob/6596a02b207886e9e00bb0161c7fd59fea53c081/fs/smb/server/smbacl.c https://github.com/torvalds/linux/commit/996454bc0da84d5a1dedb1a7861823087e01a7ae https://www.vulncheck.com/advisories/linux-ksmbd-remote-memory-corruption-via-acl-inheritance
Metrics	cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Wed, 13 May 2026 15:15:00 +0000

Type	Values Removed	Values Added
Description	Linux ksmbd contains a remote memory corruption vulnerability in the ACL inheritance path that allows remote clients with directory creation permissions to trigger a heap out-of-bounds read and subsequent heap corruption by setting a crafted DACL with a malformed SID containing an inflated num_subauth field. Attackers can exploit this vulnerability by creating a directory, setting the malicious DACL via SMB2_SET_INFO, and creating child entries to cause kernel instability, denial of service, or potentially achieve privilege escalation to kernel code execution.	This CVE ID has been rejected or withdrawn.
Title	Linux ksmbd Remote Memory Corruption via ACL Inheritance
Metrics	cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`	cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Wed, 13 May 2026 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux ksmbd
Vendors & Products		Linux Linux ksmbd

Tue, 12 May 2026 22:00:00 +0000

Type	Values Removed	Values Added
Description		Linux ksmbd contains a remote memory corruption vulnerability in the ACL inheritance path that allows remote clients with directory creation permissions to trigger a heap out-of-bounds read and subsequent heap corruption by setting a crafted DACL with a malformed SID containing an inflated num_subauth field. Attackers can exploit this vulnerability by creating a directory, setting the malicious DACL via SMB2_SET_INFO, and creating child entries to cause kernel instability, denial of service, or potentially achieve privilege escalation to kernel code execution.
Title		Linux ksmbd Remote Memory Corruption via ACL Inheritance
Weaknesses		CWE-125
References		https://github.com/torvalds/linux/blob/6596a02b207886e9e00bb0161c7fd59fea53c081/fs/smb/server/smbacl.c https://github.com/torvalds/linux/commit/996454bc0da84d5a1dedb1a7861823087e01a7ae https://www.vulncheck.com/advisories/linux-ksmbd-remote-memory-corruption-via-acl-inheritance
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: REJECTED

Assigner: VulnCheck

Published: 2026-05-12T21:34:59.782Z

Updated: 2026-05-13T15:14:52.974Z

Reserved: 2026-05-12T21:15:19.856Z

Link: CVE-2026-8449

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2026-05-12T22:16:38.730

Modified: 2026-05-13T16:17:05.807

Link: CVE-2026-8449

Redhat

No data.

Metrics