Critical Bug Fix for CVE-2026-12505 in Oracle Linux 8 and 9

Critical Bug Fix for CVE-2026-12505 in Oracle Linux 8 and 9

First seen 17 Jul 2026, 08:27 UTC Linuxsecurity 88% similarity 70.5

Article Content

Browse articles
ThreatCluster

Oracle has released important bug fixes for CVE-2026-12505 affecting cifs-utils in both Oracle Linux 8 and 9. The vulnerability allows local privilege escalation (LPE) through cifs.spnego, impacting users of both distributions. The CVE was published on 2026-06-18, and the fixes were released on 2026-07-17. Users are advised to update their systems promptly to mitigate potential exploitation. The fixes address issues such as krb5 mount regression and compiler warnings. Both Oracle Linux 8 and 9 are affected, with specific updates provided for each version. The updates include version 7.0-5 for Oracle Linux 8 and version 7.6-2 for Oracle Linux 9, which resolve the identified vulnerabilities.

Key Points: • CVE-2026-12505 allows local privilege escalation in Oracle Linux cifs-utils. • Critical updates were released on 2026-07-17 for both Oracle Linux 8 and 9. • Users are urged to apply patches immediately to prevent exploitation.

ThreatCluster AI

Timeline

2026-06-18
CVE-2026-12505 published
Oracle disclosed a local privilege escalation vulnerability in cifs-utils affecting multiple Linux distributions.
Linuxsecurity
2026-07-17
Patch released for Oracle Linux 8
Oracle released version 7.0-5 of cifs-utils to fix CVE-2026-12505, addressing multiple issues.
Linuxsecurity
2026-07-17
Patch released for Oracle Linux 9
Oracle released version 7.6-2 of cifs-utils to resolve CVE-2026-12505, including fixes for krb5 mount regression.
Linuxsecurity

Community

Browse all →