SB20260325148 - Cleartext Storage of Sensitive Information in Linux kernel smb client
Published: March 25, 2026
Security Bulletin ID
SB20260325148
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Cleartext Storage of Sensitive Information (CVE-ID: CVE-2026-23303)
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to improper output neutralization in the cifs_set_cifscreds function when handling debug logging. A local user can enable debug logging to disclose sensitive information.
The exposure of plaintext usernames and passwords occurs when debug logging is enabled, which may be accessible to local users with access to kernel logs.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/2ef0fc3bf49db2b9df36d5f44508c9e384bfa2a1
- https://git.kernel.org/stable/c/2f37dc436d4e61ff7ae0b0353cf91b8c10396e4d
- https://git.kernel.org/stable/c/3990f352bb0adc8688d0949a9c13e3110570eb61
- https://git.kernel.org/stable/c/3e182701db612ddd794ccd5ed822e6cc1db2b972
- https://git.kernel.org/stable/c/b746a357abfb8fdb0a171d51ec5091e786d34be1
- https://git.kernel.org/stable/c/ff0ece8ed04180c52167c003362284b23cf54e8d