Skip to main content

Linux EUVDEUVD-2026-15240

| CVE-2026-23303 MEDIUM
2026-03-25 Linux GHSA-7rpf-jpp6-g4v7
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
5.2 MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
May 28, 2026 - 15:07 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15240
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:26 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

smb: client: Don't log plaintext credentials in cifs_set_cifscreds

When debug logging is enabled, cifs_set_cifscreds() logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing credentials.

AnalysisAI

The Linux kernel CIFS client contains an information disclosure vulnerability where debug logging in the cifs_set_cifscreds() function exposes plaintext usernames and passwords in kernel logs when debug logging is enabled. This affects all versions of the Linux kernel with CIFS client support, allowing any local user or administrator with access to kernel logs to recover plaintext SMB credentials. While no CVSS score, EPSS data, or KEV status is publicly available, the severity is elevated due to the direct exposure of authentication credentials in commonly-accessible debug logs.

Technical ContextAI

The vulnerability exists in the Linux kernel's CIFS (Common Internet File System) client implementation, specifically within the cifs_set_cifscreds() function located in the SMB protocol handling subsystem. When kernel debug logging is enabled (a common configuration in development and troubleshooting scenarios), this function logs the key payload containing plaintext SMB credentials. The root cause is an information disclosure flaw (related to CWE-532: Insertion of Sensitive Information into Log File) where sensitive authentication material is written to kernel logs without sanitization or redaction. The CIFS protocol is fundamental to Linux-based systems that authenticate to Windows/SMB file servers, making credential exposure particularly impactful. The affected component is part of the core kernel SMB client driver (fs/smb/client/) used by millions of Linux systems in enterprise and hybrid cloud environments.

RemediationAI

Update the Linux kernel to a version that includes the security patches referenced in the kernel stable repository (commits ff0ece8ed04180c52167c003362284b23cf54e8d and others). Most major Linux distributions will release patched kernels through their standard security channels; monitor your distribution's security advisories (Red Hat Security Advisories, Ubuntu Security Notices, Debian Security Updates, etc.) and apply kernel updates at your earliest maintenance window. As an interim mitigation, disable kernel debug logging for the CIFS subsystem if it is not actively required, and restrict access to kernel logs (/var/log/kern.log, dmesg output) to privileged users only via file permissions and audit controls. Additionally, implement credential rotation for SMB/CIFS service accounts shortly after applying patches, as any credentials that may have been logged prior to patching should be considered compromised. Monitor systems for signs of unauthorized SMB access using network segmentation and access logging on SMB servers.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye vulnerable 5.10.223-1 -
bullseye (security) vulnerable 5.10.251-1 -
bookworm vulnerable 6.1.159-1 -
bookworm (security) vulnerable 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-15240 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy