GHSA-v762-vr2v-9263unknown

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix FSCTL permission...

Published
June 24, 2026
Last Modified
June 24, 2026

🔗 CVE IDs covered (1)

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTL_SET_SPARSE

FSCTL_SET_SPARSE in fsctl_set_sparse() modifies the file's sparse attribute and saves it through xattr without any permission checks.

This exposes two issues:

  1. A client on a read-only share can change the sparse attribute on files it opened, even though the share is read-only. Other FSCTL write operations already check test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE), but FSCTL_SET_SPARSE does not.

  2. Even on writable shares, clients without FILE_WRITE_DATA or FILE_WRITE_ATTRIBUTES access should not modify the sparse attribute. Similar handle-level checks exist in other functions but are missing here.

Add both share-level writable check and per-handle access check. Use goto out on error to avoid leaking file references.

🔗 References (6)