AZL-59284

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59284.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-59284

Upstream

CVE-2025-2312

Published

2025-03-25T18:15:34Z

Modified

2026-04-01T05:19:27.759198Z

Summary

CVE-2025-2312 affecting package cifs-utils for versions less than 7.3-1

Details

A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-2312

Affected packages

Azure Linux:3 / cifs-utils

Package

Name: cifs-utils
Purl: pkg:rpm/azure-linux/cifs-utils

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.3-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59284.json"