CVE-2026-23303

In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifs_set_cifscreds When debug logging is enabled, cifs_set_cifscreds() logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing cr...

medium 5.5 CVSS 3.1
Published: Mar 25, 2026
Modified: May 28, 2026
Vendor: Linux
Product: Linux Kernel
Versions: 3.3,7.0

Description

In the Linux kernel, the following vulnerability has been resolved:

smb: client: Don't log plaintext credentials in cifs_set_cifscreds

When debug logging is enabled, cifs_set_cifscreds() logs the key
payload and exposes the plaintext username and password. Remove the
debug log to avoid exposing credentials.

References

Related CVEs

CVE-2026-43500 high · 7.8
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_
CVE-2026-43416 medium · 5.5
In the Linux kernel, the following vulnerability has been resolved: powerpc, perf: Check that current->mm is alive before getting user callchain It may happen that mm is already
CVE-2026-43387 medium · 5.5
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() Just like in commit 154828bf9559 ("staging:
CVE-2026-43388 high · 7.8
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: clear walk_control on inactive context in damos_walk() damos_walk() sets ctx->walk_control to t
CVE-2026-43389 medium · 5.5
In the Linux kernel, the following vulnerability has been resolved: mm: memfd_luo: always dirty all folios A dirty folio is one which has been written to. A clean folio is its o
CVE-2026-43390 medium · 5.5
In the Linux kernel, the following vulnerability has been resolved: nstree: tighten permission checks for listing Even privileged services should not necessarily be able to see o