CVE-2025-2312 – cifs.upcall makes an upcall to the wrong namespace in containerized environments

https://notcve.org/view.php?id=CVE-2025-2312

25 Mar 2025 — A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache. Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbit... • https://git.samba.org/?p=cifs-utils.git;a=commit;h=89b679228cc1be9739d54203d28289b03352c174 • CWE-488: Exposure of Data Element to Wrong Session •