Home

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2_open_file() Zero out @err_iov and @err_buftype before retrying SMB2_open() to prevent an UAF bug if @data != NULL, otherwise a double free.

PUBLISHED Reserved 2026-05-13 | Published 2026-05-27 | Updated 2026-05-30 | Assigner Linux




CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Product status

Default status
unaffected

743f70406264348c0830f38409eb6c40a42fb2db (git) before 96e53bb3ee2f354cf6b4ab07bcc56e500f8b3f74
affected

3a6d6b332f92990958602c1e35ce0173e2dd62e9 (git) before 7425453ea16dbc3bbb0f6cac4d60b537e5e4d151
affected

b64e3b5d8d759dd4333992e4ba4dadf9359952c8 (git) before 4d339b219004869e96c4ce56b8891f83a38da4c0
affected

9ee608a64e37cea5b4b13e436c559dd0fb2ad1b5 (git) before e66dcf7bb9c4df5582c82bc3582725abcbfbea73
affected

e3a43633023e3cacaca60d4b8972d084a2b06236 (git) before 639deb962986ef2f5e2a6d5a600c66f922471e81
affected

e3a43633023e3cacaca60d4b8972d084a2b06236 (git) before ebbbc4bfad4cb355d17c671223d0814ee3ef4eda
affected

6.1.163 (semver) before 6.1.165
affected

6.6.124 (semver) before 6.6.128
affected

6.12.70 (semver) before 6.12.75
affected

6.18.10 (semver) before 6.18.14
affected

Default status
affected

6.19
affected

Any version before 6.19
unaffected

6.1.165 (semver)
unaffected

6.6.128 (semver)
unaffected

6.12.75 (semver)
unaffected

6.18.14 (semver)
unaffected

6.19.4 (semver)
unaffected

7.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/96e53bb3ee2f354cf6b4ab07bcc56e500f8b3f74

git.kernel.org/...c/7425453ea16dbc3bbb0f6cac4d60b537e5e4d151

git.kernel.org/...c/4d339b219004869e96c4ce56b8891f83a38da4c0

git.kernel.org/...c/e66dcf7bb9c4df5582c82bc3582725abcbfbea73

git.kernel.org/...c/639deb962986ef2f5e2a6d5a600c66f922471e81

git.kernel.org/...c/ebbbc4bfad4cb355d17c671223d0814ee3ef4eda

cve.org (CVE-2026-45972)

nvd.nist.gov (CVE-2026-45972)

Download JSON