{
  "threat_severity" : "Important",
  "public_date" : "2026-05-26T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions",
    "id" : "2481486",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2481486"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-825",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nsmb: client: reject userspace cifs.spnego descriptions\ncifs.spnego key descriptions contain authority-bearing fields such as\npid, uid, creduid, and upcall_target that cifs.upcall treats as\nkernel-originating inputs. However, userspace can also create keys of\nthis type through request_key(2) or add_key(2), allowing those fields to\nbe supplied without CIFS origin.\nOnly accept cifs.spnego descriptions while CIFS is using its private\nspnego_cred to request the key.", "A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges." ],
  "statement" : "This issue is classified as Important severity primarily because a low-privileged local user can achieve full privilege escalation to root without any user interaction. The attack requires local access, which prevents remote exploitation and is the primary factor keeping the rating at Important rather than Critical.\nExploitation requires three components to be present on the system: the `cifs` kernel module (loaded or loadable), the `cifs-utils` package with its default `cifs.spnego` request-key rule, and the ability to create unprivileged user and mount namespaces. All three must be present for the attack chain to succeed. Environments that do not use SMB/CIFS file shares or Active Directory integration are unlikely to have `cifs-utils` installed, reducing their exposure.",
  "affected_release" : [ {
    "product_name" : "NVIDIA for RHEL 10",
    "release_date" : "2026-06-04T00:00:00Z",
    "advisory" : "RHSA-2026:23395",
    "cpe" : "cpe:/a:redhat:enterprise_linux_nvidia:10::el10",
    "package" : "kernel-0:6.12.0-212.9.el10nv"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-06-04T00:00:00Z",
    "advisory" : "RHSA-2026:23329",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.2",
    "package" : "kernel-0:6.12.0-211.20.1.el10_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-06-15T00:00:00Z",
    "advisory" : "RHSA-2026:25908",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "kernel-0:6.12.0-55.79.1.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:27719",
    "cpe" : "cpe:/o:redhat:rhel_els:6",
    "package" : "kernel-0:2.6.32-754.61.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:27729",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "kernel-0:3.10.0-1160.153.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-06-04T00:00:00Z",
    "advisory" : "RHSA-2026:23259",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-553.129.1.rt7.470.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-06-04T00:00:00Z",
    "advisory" : "RHSA-2026:23258",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.129.1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2026-06-17T00:00:00Z",
    "advisory" : "RHSA-2026:26535",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.4",
    "package" : "kernel-0:4.18.0-305.194.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2026-06-17T00:00:00Z",
    "advisory" : "RHSA-2026:26535",
    "cpe" : "cpe:/o:redhat:rhel_eus_long_life:8.4",
    "package" : "kernel-0:4.18.0-305.194.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2026-06-17T00:00:00Z",
    "advisory" : "RHSA-2026:26570",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.6",
    "package" : "kernel-0:4.18.0-372.196.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On",
    "release_date" : "2026-06-17T00:00:00Z",
    "advisory" : "RHSA-2026:26570",
    "cpe" : "cpe:/o:redhat:rhel_eus_long_life:8.6",
    "package" : "kernel-0:4.18.0-372.196.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2026-06-17T00:00:00Z",
    "advisory" : "RHSA-2026:26563",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.8",
    "package" : "kernel-0:4.18.0-477.147.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2026-06-17T00:00:00Z",
    "advisory" : "RHSA-2026:26563",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.8",
    "package" : "kernel-0:4.18.0-477.147.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-06-08T00:00:00Z",
    "advisory" : "RHSA-2026:24381",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-687.13.1.el9_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-06-08T00:00:00Z",
    "advisory" : "RHSA-2026:24381",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-687.13.1.el9_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-06-17T00:00:00Z",
    "advisory" : "RHSA-2026:26515",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "kernel-0:5.14.0-284.176.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-06-17T00:00:00Z",
    "advisory" : "RHSA-2026:26462",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2::nfv",
    "package" : "kernel-rt-0:5.14.0-284.176.1.rt14.461.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:27735",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.4",
    "package" : "kernel-0:5.14.0-427.132.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:27708",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "kernel-0:5.14.0-570.123.1.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4",
    "impact" : "low"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-46243\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-46243\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3da1fdf4efbc490041eb4f836bf596201203f8f2\nhttps://lore.kernel.org/linux-cve-announce/2026060140-CVE-2026-46243-3d1c@gregkh/" ],
  "name" : "CVE-2026-46243",
  "mitigation" : {
    "value" : "See the Red Hat security bulletin for this issue (CVE-2026-46243) for a detailed mitigation procedure.",
    "lang" : "en:us"
  },
  "csaw" : false
}