{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-2312","assignerOrgId":"74b3a70d-cca6-4d34-9789-e83b222ae3be","state":"PUBLISHED","assignerShortName":"redhat-cnalr","dateReserved":"2025-03-14T14:44:33.471Z","datePublished":"2025-03-25T18:08:02.848Z","dateUpdated":"2025-03-25T18:23:15.943Z"},"containers":{"cna":{"providerMetadata":{"orgId":"74b3a70d-cca6-4d34-9789-e83b222ae3be","shortName":"redhat-cnalr","dateUpdated":"2025-03-25T18:08:02.848Z"},"title":"cifs.upcall makes an upcall to the wrong namespace in containerized environments","datePublic":"2024-11-11T03:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-488","description":"CWE-488","type":"CWE"}]}],"affected":[{"vendor":"cifs-utils","product":"cifs-utils","versions":[{"status":"affected","version":"0","lessThan":"7.2","versionType":"semver"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache.","supportingMedia":[{"type":"text/html","base64":false,"value":"A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. \nThis issue may lead to disclosing sensitive data from the host's Kerberos credentials cache."}]}],"references":[{"url":"https://git.samba.org/?p=cifs-utils.git;a=commit;h=89b679228cc1be9739d54203d28289b03352c174","tags":["patch"]},{"url":"https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb?id=db363b0a1d9e6b9dc556296f1b1007aeb496a8cf","tags":["patch"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseSeverity":"MEDIUM","baseScore":5.9,"vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"}}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-25T18:22:51.623724Z","id":"CVE-2025-2312","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-25T18:23:15.943Z"}}]}}