CVE-2026-52944

Source
https://cve.org/CVERecord?id=CVE-2026-52944
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52944.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-52944
Downstream
Published
2026-06-24T09:59:09.149Z
Modified
2026-07-10T03:53:46.203784578Z
Summary
ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTL_SET_SPARSE
Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTLSETSPARSE

FSCTLSETSPARSE in fsctlsetsparse() modifies the file's sparse attribute and saves it through xattr without any permission checks.

This exposes two issues:

1) A client on a read-only share can change the sparse attribute on files it opened, even though the share is read-only. Other FSCTL write operations already check testtreeconnflag(work->tcon, KSMBDTREECONNFLAGWRITABLE), but FSCTLSET_SPARSE does not.

2) Even on writable shares, clients without FILEWRITEDATA or FILEWRITEATTRIBUTES access should not modify the sparse attribute. Similar handle-level checks exist in other functions but are missing here.

Add both share-level writable check and per-handle access check. Use goto out on error to avoid leaking file references.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52944.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9
Fixed
3127a884525dc8ca4def73254bfcd3ccef0bf812
Fixed
de9eb0b44fa9123170e6245b49638e0e453c10f8
Fixed
aef151bcfa494bfe983669de2726734b534adb73
Fixed
cc57232cae23c0df91b4a59d0f519141ce9b5b02

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52944.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
6.6.143
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.18.35
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.12

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52944.json"