Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-2312

Опубликовано: 11 нояб. 2024
Источник: redhat
CVSS3: 5.9
EPSS Низкий

Описание

A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache.

Отчет

No evidence was found of the possibility of a container escape, restricting the impact to confidentiality. Hence, this flaw is rated with a Moderate impact rating. This flaws affects only the cifs-utils component but requires a two part fix. This is why the kernel component is also listed.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10cifs-utilsAffected
Red Hat Enterprise Linux 10kernelAffected
Red Hat Enterprise Linux 6cifs-utilsOut of support scope
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7cifs-utilsOut of support scope
Red Hat Enterprise Linux 7kernelOut of support scope
Red Hat Enterprise Linux 7kernel-rtOut of support scope
Red Hat Enterprise Linux 8cifs-utilsOut of support scope
Red Hat Enterprise Linux 8kernelOut of support scope
Red Hat Enterprise Linux 8kernel-rtOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-488
https://bugzilla.redhat.com/show_bug.cgi?id=2352604cifs-utils: kernel: cifs-utils: cifs.upcall makes an upcall to the wrong namespace in containerized environments

EPSS

Процентиль: 2%
0.00015
Низкий

5.9 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-2312

CVSS3: 5.9
ubuntu
5 месяцев назад

A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache.

nvd логотип

CVE-2025-2312

CVSS3: 5.9
nvd
5 месяцев назад

A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache.

msrc логотип

CVE-2025-2312

CVSS3: 5.9
msrc
5 месяцев назад

Описание отсутствует

debian логотип

CVE-2025-2312

CVSS3: 5.9
debian
5 месяцев назад

A flaw was found in cifs-utils. When trying to obtain Kerberos credent ...

suse-cvrf логотип

SUSE-SU-2025:1381-1

suse-cvrf
4 месяца назад

Security update for cifs-utils

EPSS

Процентиль: 2%
0.00015
Низкий

5.9 Medium

CVSS3