CVE-2025-2312
Public on 2025-03-25
Modified on 2025-09-19
Description
A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | cifs-utils | No Fix Planned | ||
| Amazon Linux 2 - Core | cifs-utils | Pending Fix | ||
| Amazon Linux 2023 | cifs-utils | Pending Fix |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.9 | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N |
| NVD | CVSSv3 | 5.9 | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N |