{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-46243", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.107Z", "datePublished": "2026-06-01T16:22:29.211Z", "dateUpdated": "2026-06-30T02:41:30.626Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-14T18:05:20.395Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: reject userspace cifs.spnego descriptions\n\ncifs.spnego key descriptions contain authority-bearing fields such as\npid, uid, creduid, and upcall_target that cifs.upcall treats as\nkernel-originating inputs. However, userspace can also create keys of\nthis type through request_key(2) or add_key(2), allowing those fields to\nbe supplied without CIFS origin.\n\nOnly accept cifs.spnego descriptions while CIFS is using its private\nspnego_cred to request the key."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 7.1, "baseSeverity": "HIGH"}}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/client/cifs_spnego.c"], "versions": [{"version": "f1d662a7d5e5322e583aad6b3cfec03d8f27b435", "lessThan": "7713bd320ed4fc3d08a227cd8e41242219a16981", "status": "affected", "versionType": "git"}, {"version": "f1d662a7d5e5322e583aad6b3cfec03d8f27b435", "lessThan": "9544559e59438a4b609b2fdfa0763d8360572824", "status": "affected", "versionType": "git"}, {"version": "f1d662a7d5e5322e583aad6b3cfec03d8f27b435", "lessThan": "cf20038657d6d4974349556a34e08fe0490bebbc", "status": "affected", "versionType": "git"}, {"version": "f1d662a7d5e5322e583aad6b3cfec03d8f27b435", "lessThan": "2035acfb17221729b1b8ac335e941868a04ca079", "status": "affected", "versionType": "git"}, {"version": "f1d662a7d5e5322e583aad6b3cfec03d8f27b435", "lessThan": "a3bbda6502a9398b816fa2e71c9a3f955f58013d", "status": "affected", "versionType": "git"}, {"version": "f1d662a7d5e5322e583aad6b3cfec03d8f27b435", "lessThan": "91f89c1d83e80417629791fcef6af8140d7d01c8", "status": "affected", "versionType": "git"}, {"version": "f1d662a7d5e5322e583aad6b3cfec03d8f27b435", "lessThan": "0aece6685fc80a8de492688ca2315fb86ec379c7", "status": "affected", "versionType": "git"}, {"version": "f1d662a7d5e5322e583aad6b3cfec03d8f27b435", "lessThan": "3da1fdf4efbc490041eb4f836bf596201203f8f2", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/client/cifs_spnego.c"], "versions": [{"version": "2.6.24", "status": "affected"}, {"version": "0", "lessThan": "2.6.24", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.258", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.209", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.175", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.142", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.92", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.34", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.11", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.24", "versionEndExcluding": "5.10.258"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.24", "versionEndExcluding": "5.15.209"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.24", "versionEndExcluding": "6.1.175"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.24", "versionEndExcluding": "6.6.142"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.24", "versionEndExcluding": "6.12.92"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.24", "versionEndExcluding": "6.18.34"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.24", "versionEndExcluding": "7.0.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.24", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/7713bd320ed4fc3d08a227cd8e41242219a16981"}, {"url": "https://git.kernel.org/stable/c/9544559e59438a4b609b2fdfa0763d8360572824"}, {"url": "https://git.kernel.org/stable/c/cf20038657d6d4974349556a34e08fe0490bebbc"}, {"url": "https://git.kernel.org/stable/c/2035acfb17221729b1b8ac335e941868a04ca079"}, {"url": "https://git.kernel.org/stable/c/a3bbda6502a9398b816fa2e71c9a3f955f58013d"}, {"url": "https://git.kernel.org/stable/c/91f89c1d83e80417629791fcef6af8140d7d01c8"}, {"url": "https://git.kernel.org/stable/c/0aece6685fc80a8de492688ca2315fb86ec379c7"}, {"url": "https://git.kernel.org/stable/c/3da1fdf4efbc490041eb4f836bf596201203f8f2"}], "title": "smb: client: reject userspace cifs.spnego descriptions", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-20", "lang": "en", "description": "CWE-20 Improper Input Validation"}]}], "references": [{"url": "https://github.com/manizada/CIFSwitch", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-06-01T00:00:00+00:00", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-46243"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-02T03:56:00.563Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/06/01/6"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-06-01T18:55:00.540Z"}}, {"affected": [{"cpes": ["cpe:/a:redhat:enterprise_linux_nvidia:10::el10"], "defaultStatus": "affected", "product": "NVIDIA for RHEL 10", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:rhel_els:6"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:rhel_els:6"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:rhel_els:7"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux Server (v. 7 ELS)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:rhel_els:7"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux_eus:10.0"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10.2"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux AppStream (v. 10)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:9.2::appstream"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:9.4::appstream"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.6::appstream"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux AppStream (v. 9)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux_eus:10.0"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10.2"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux BaseOS (v. 10)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux BaseOS (v. 8)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:rhel_aus:8.4::baseos"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:rhel_aus:8.6::baseos"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:8.8::baseos"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:rhel_tus:8.8::baseos"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:9.2::baseos"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:9.4::baseos"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.4)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:rhel_eus:9.6::baseos"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::baseos"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux BaseOS (v. 9)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux_eus:10.0"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10.2"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::crb"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux CRB (v. 8)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.6::crb"], "defaultStatus": "affected", "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::crb"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux_eus:10.0"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10.2"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux Real Time for NFV (v. 10)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::nfv"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux NFV (v. 8)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:9.2::nfv"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:9.4::nfv"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux Real Time for NFV E4S (v.9.4)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.6::nfv"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::nfv"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux Real Time for NFV (v. 9)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux_eus:10.0"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux Real Time EUS (v. 10.0)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10.2"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux Real Time (v. 10)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::realtime"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux RT (v. 8)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:9.2::realtime"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux Real Time E4S (v.9.2)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:9.4::realtime"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux Real Time E4S (v.9.4)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.6::realtime"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux Real Time EUS (v.9.6)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::realtime"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux Real Time (v. 9)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "defaultStatus": "affected", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat"}], "datePublic": "2026-05-26T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges."}], "metrics": [{"other": {"content": {"namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-825", "description": "Expired Pointer Dereference", "lang": "en", "type": "CWE"}]}], "references": [{"tags": ["vdb-entry", "x_refsource_REDHAT"], "url": "https://access.redhat.com/security/cve/CVE-2026-46243"}, {"name": "RHBZ#2481486", "tags": ["issue-tracking", "x_refsource_REDHAT"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481486"}, {"tags": ["x_sadp-csaf-vex"], "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46243.json"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:23395"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:27719"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:27729"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:25908"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:23329"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:26515"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:27735"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:27708"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:24381"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:23258"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:33220"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:26535"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:26570"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:26563"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:33219"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:33221"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:33222"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:33223"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:33224"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:23259"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:26462"}], "solutions": [{"lang": "en", "value": "RHSA-2026:23395: NVIDIA for RHEL 10"}, {"lang": "en", "value": "RHSA-2026:27719: Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION), Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)"}, {"lang": "en", "value": "RHSA-2026:27729: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"}, {"lang": "en", "value": "RHSA-2026:25908: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0), Red Hat Enterprise Linux Real Time EUS (v. 10.0), Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)"}, {"lang": "en", "value": "RHSA-2026:23329: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"}, {"lang": "en", "value": "RHSA-2026:26515: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"}, {"lang": "en", "value": "RHSA-2026:27735: Red Hat Enterprise Linux AppStream E4S (v.9.4), Red Hat Enterprise Linux BaseOS E4S (v.9.4), Red Hat Enterprise Linux Real Time E4S (v.9.4), Red Hat Enterprise Linux Real Time for NFV E4S (v.9.4)"}, {"lang": "en", "value": "RHSA-2026:27708: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6), Red Hat Enterprise Linux Real Time EUS (v.9.6), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)"}, {"lang": "en", "value": "RHSA-2026:24381: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"}, {"lang": "en", "value": "RHSA-2026:23258: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)"}, {"lang": "en", "value": "RHSA-2026:33220: Red Hat Enterprise Linux BaseOS (v. 8)"}, {"lang": "en", "value": "RHSA-2026:26535: Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"}, {"lang": "en", "value": "RHSA-2026:26570: Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)"}, {"lang": "en", "value": "RHSA-2026:26563: Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"}, {"lang": "en", "value": "RHSA-2026:33219: Red Hat Enterprise Linux BaseOS E4S (v.8.8)"}, {"lang": "en", "value": "RHSA-2026:33221: Red Hat Enterprise Linux BaseOS E4S (v.9.2)"}, {"lang": "en", "value": "RHSA-2026:33222: Red Hat Enterprise Linux BaseOS E4S (v.9.4)"}, {"lang": "en", "value": "RHSA-2026:33223: Red Hat Enterprise Linux BaseOS EUS (v.9.6)"}, {"lang": "en", "value": "RHSA-2026:33224: Red Hat Enterprise Linux BaseOS (v. 9)"}, {"lang": "en", "value": "RHSA-2026:23259: Red Hat Enterprise Linux NFV (v. 8), Red Hat Enterprise Linux RT (v. 8)"}, {"lang": "en", "value": "RHSA-2026:26462: Red Hat Enterprise Linux Real Time E4S (v.9.2), Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)"}], "timeline": [{"lang": "en", "time": "2026-05-26T15:07:49.955Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-05-26T00:00:00.000Z", "value": "Made public."}], "title": "kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions", "workarounds": [{"lang": "en", "value": "See the security bulletin for a detailed mitigation procedure."}], "x_adpType": "supplier", "x_generator": {"engine": "sadp-cli 1.0.0"}, "providerMetadata": {"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-06-30T02:41:30.626Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/06/01/6"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-06-01T18:55:00.540Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-46243", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-01T17:52:03.133770Z"}}}], "references": [{"url": "https://github.com/manizada/CIFSwitch", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-01T17:50:56.636Z"}}], "cna": {"title": "smb: client: reject userspace cifs.spnego descriptions", "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}}], "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "f1d662a7d5e5322e583aad6b3cfec03d8f27b435", "lessThan": "7713bd320ed4fc3d08a227cd8e41242219a16981", "versionType": "git"}, {"status": "affected", "version": "f1d662a7d5e5322e583aad6b3cfec03d8f27b435", "lessThan": "9544559e59438a4b609b2fdfa0763d8360572824", "versionType": "git"}, {"status": "affected", "version": "f1d662a7d5e5322e583aad6b3cfec03d8f27b435", "lessThan": "cf20038657d6d4974349556a34e08fe0490bebbc", "versionType": "git"}, {"status": "affected", "version": "f1d662a7d5e5322e583aad6b3cfec03d8f27b435", "lessThan": "2035acfb17221729b1b8ac335e941868a04ca079", "versionType": "git"}, {"status": "affected", "version": "f1d662a7d5e5322e583aad6b3cfec03d8f27b435", "lessThan": "a3bbda6502a9398b816fa2e71c9a3f955f58013d", "versionType": "git"}, {"status": "affected", "version": "f1d662a7d5e5322e583aad6b3cfec03d8f27b435", "lessThan": "91f89c1d83e80417629791fcef6af8140d7d01c8", "versionType": "git"}, {"status": "affected", "version": "f1d662a7d5e5322e583aad6b3cfec03d8f27b435", "lessThan": "0aece6685fc80a8de492688ca2315fb86ec379c7", "versionType": "git"}, {"status": "affected", "version": "f1d662a7d5e5322e583aad6b3cfec03d8f27b435", "lessThan": "3da1fdf4efbc490041eb4f836bf596201203f8f2", "versionType": "git"}], "programFiles": ["fs/smb/client/cifs_spnego.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.24"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.24", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.258", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.209", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.175", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.142", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.12.92", "versionType": "semver", "lessThanOrEqual": "6.12.*"}, {"status": "unaffected", "version": "6.18.34", "versionType": "semver", "lessThanOrEqual": "6.18.*"}, {"status": "unaffected", "version": "7.0.11", "versionType": "semver", "lessThanOrEqual": "7.0.*"}, {"status": "unaffected", "version": "7.1", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/smb/client/cifs_spnego.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/7713bd320ed4fc3d08a227cd8e41242219a16981"}, {"url": "https://git.kernel.org/stable/c/9544559e59438a4b609b2fdfa0763d8360572824"}, {"url": "https://git.kernel.org/stable/c/cf20038657d6d4974349556a34e08fe0490bebbc"}, {"url": "https://git.kernel.org/stable/c/2035acfb17221729b1b8ac335e941868a04ca079"}, {"url": "https://git.kernel.org/stable/c/a3bbda6502a9398b816fa2e71c9a3f955f58013d"}, {"url": "https://git.kernel.org/stable/c/91f89c1d83e80417629791fcef6af8140d7d01c8"}, {"url": "https://git.kernel.org/stable/c/0aece6685fc80a8de492688ca2315fb86ec379c7"}, {"url": "https://git.kernel.org/stable/c/3da1fdf4efbc490041eb4f836bf596201203f8f2"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: reject userspace cifs.spnego descriptions\n\ncifs.spnego key descriptions contain authority-bearing fields such as\npid, uid, creduid, and upcall_target that cifs.upcall treats as\nkernel-originating inputs. However, userspace can also create keys of\nthis type through request_key(2) or add_key(2), allowing those fields to\nbe supplied without CIFS origin.\n\nOnly accept cifs.spnego descriptions while CIFS is using its private\nspnego_cred to request the key."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.258", "versionStartIncluding": "2.6.24"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.209", "versionStartIncluding": "2.6.24"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.175", "versionStartIncluding": "2.6.24"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.142", "versionStartIncluding": "2.6.24"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.12.92", "versionStartIncluding": "2.6.24"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.18.34", "versionStartIncluding": "2.6.24"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "7.0.11", "versionStartIncluding": "2.6.24"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "7.1", "versionStartIncluding": "2.6.24"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-14T18:05:20.395Z"}}}, "cveMetadata": {"cveId": "CVE-2026-46243", "state": "PUBLISHED", "dateUpdated": "2026-06-14T18:05:20.395Z", "dateReserved": "2026-05-13T15:03:33.107Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2026-06-01T16:22:29.211Z", "assignerShortName": "Linux"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E43C0F1-F2DB-4268-8DB8-64602E14F05D", "versionEndExcluding": "5.10.258", "versionStartIncluding": "2.6.24.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "919C10A9-7951-4A74-BADD-C135A0A8D8B4", "versionEndExcluding": "5.15.209", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "92385813-D91D-480D-83A1-F423D2CBB2BA", "versionEndExcluding": "6.1.175", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBFF77B0-526A-4AF1-84D0-ED7187624A67", "versionEndExcluding": "6.6.142", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9", "versionEndExcluding": "6.12.92", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0", "versionEndExcluding": "6.18.34", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0520D091-FC52-4A50-AF07-70AE7D08B750", "versionEndExcluding": "7.0.11", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:-:*:*:*:*:*:*", "matchCriteriaId": "6F3E61F3-1CF1-4176-94CD-89A408BCFC96", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc3:*:*:*:*:*:*", "matchCriteriaId": "FF6588E7-F4FA-40F5-8945-FC7B6094376E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc4:*:*:*:*:*:*", "matchCriteriaId": "AE87E13E-ACF7-4F74-8938-729F3B0D694C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc5:*:*:*:*:*:*", "matchCriteriaId": "D4965A12-1BBA-4494-A5C1-43E0C0F48C14", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc6:*:*:*:*:*:*", "matchCriteriaId": "B7A18909-B468-4A5C-8DCC-2690F1F1D6C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc7:*:*:*:*:*:*", "matchCriteriaId": "AEFCCCBD-B3EA-4A78-BEF9-6BD4793AAE10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc8:*:*:*:*:*:*", "matchCriteriaId": "F8AF0C46-6BF2-46A3-8AD8-1E521E736169", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1EF7059-E670-45F4-B422-54C40FA86390", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "0D38F0BF-A728-4133-A358-D44A2F7EE6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "EC732D08-5F7B-46D9-B154-E60C7F4F0A97", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "E5910A9D-F60A-409A-B486-FE66BFEBA9B9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: reject userspace cifs.spnego descriptions\n\ncifs.spnego key descriptions contain authority-bearing fields such as\npid, uid, creduid, and upcall_target that cifs.upcall treats as\nkernel-originating inputs. However, userspace can also create keys of\nthis type through request_key(2) or add_key(2), allowing those fields to\nbe supplied without CIFS origin.\n\nOnly accept cifs.spnego descriptions while CIFS is using its private\nspnego_cred to request the key."}], "id": "CVE-2026-46243", "lastModified": "2026-06-09T20:47:29.000", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-06-01T17:17:34.173", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0aece6685fc80a8de492688ca2315fb86ec379c7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2035acfb17221729b1b8ac335e941868a04ca079"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3da1fdf4efbc490041eb4f836bf596201203f8f2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7713bd320ed4fc3d08a227cd8e41242219a16981"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/91f89c1d83e80417629791fcef6af8140d7d01c8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9544559e59438a4b609b2fdfa0763d8360572824"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a3bbda6502a9398b816fa2e71c9a3f955f58013d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cf20038657d6d4974349556a34e08fe0490bebbc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2026/06/01/6"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Third Party Advisory"], "url": "https://github.com/manizada/CIFSwitch"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions", "id": "2481486", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481486"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-825", "details": ["A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges."], "mitigation": {"lang": "en:us", "value": "See the security bulletin for a detailed mitigation procedure."}, "name": "CVE-2026-46243", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:enterprise_linux_nvidia:", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux for NVIDIA 26"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "impact": "low", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-05-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-46243\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-46243\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3da1fdf4efbc490041eb4f836bf596201203f8f2\nhttps://lore.kernel.org/linux-cve-announce/2026060140-CVE-2026-46243-3d1c@gregkh/"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f1d662a7d5e5322e583aad6b3cfec03d8f27b435,7713bd320ed4fc3d08a227cd8e41242219a16981)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f1d662a7d5e5322e583aad6b3cfec03d8f27b435,9544559e59438a4b609b2fdfa0763d8360572824)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f1d662a7d5e5322e583aad6b3cfec03d8f27b435,cf20038657d6d4974349556a34e08fe0490bebbc)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f1d662a7d5e5322e583aad6b3cfec03d8f27b435,2035acfb17221729b1b8ac335e941868a04ca079)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f1d662a7d5e5322e583aad6b3cfec03d8f27b435,a3bbda6502a9398b816fa2e71c9a3f955f58013d)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f1d662a7d5e5322e583aad6b3cfec03d8f27b435,91f89c1d83e80417629791fcef6af8140d7d01c8)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f1d662a7d5e5322e583aad6b3cfec03d8f27b435,0aece6685fc80a8de492688ca2315fb86ec379c7)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f1d662a7d5e5322e583aad6b3cfec03d8f27b435,3da1fdf4efbc490041eb4f836bf596201203f8f2)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.6.24"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,2.6.24)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.10.258,6.0.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.15.209,6.0.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.175,7.0.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.142,7.0.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.92,7.0.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.34,7.0.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0.11,8.0.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.1-rc5,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "kernel", "vendor": "linux"}], "created": "2026-06-01T19:15:11.607783+00:00", "updated": "2026-06-09T23:30:05.502921+00:00", "vendors": ["linux", "linux$PRODUCT$kernel"]}