CVE-2026-23205

MEDIUM EPSS 1.7%
Published Feb 14, 20264mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Feb 14, 2026 4mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix memory leak in smb2_open_file() Reproducer: 1. server: directories are exported read-only 2. client: mount -t cifs //${server_ip}/export /mnt 3. client: dd if=/dev/zero of=/mnt/file bs=512 count=1000 oflag=direct 4. client: umount /mnt 5. client: sleep 1 6. client: modprobe -r cifs The error message is as follows: ============================================================================= BUG cifs_small_rq (Not tainted): Objects remaining on __kmem_cache_shutdown() ----------------------------------------------------------------------------- Object 0x00000000d47521be @offset=14336 ... WARNING: mm/slub.c:1251 at __kmem_cache_shutdown+0x34e/0x440, CPU#0: modprobe/1577 ... Call Trace: <TASK> kmem_cache_destroy+0x94/0x190 cifs_destroy_request_bufs+0x3e/0x50 [cifs] cleanup_module+0x4e/0x540 [cifs] __se_sys_delete_module+0x278/0x400 __x64_sys_delete_module+0x5f/0x70 x64_sys_call+0x2299/0x2ff0 do_syscall_64+0x89/0x350 entry_SYSCALL_64_after_hwframe+0x76/0x7e ... kmem_cache_destroy cifs_small_rq: Slab cache still has objects when called from cifs_destroy_request_bufs+0x3e/0x50 [cifs] WARNING: mm/slab_common.c:532 at kmem_cache_destroy+0x16b/0x190, CPU#0: modprobe/1577

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
1.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 12

VendorProductVersionRange
linuxlinux_kernel*≥6.1.141  –  <6.1.163
linuxlinux_kernel*≥6.6.93  –  <6.6.124
linuxlinux_kernel*≥6.12.31  –  <6.12.70
linuxlinux_kernel*≥6.14.9  –  <6.18.10
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/3a6d6b332f92990958602c1e35ce0173e2dd62e9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/743f70406264348c0830f38409eb6c40a42fb2db
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9ee608a64e37cea5b4b13e436c559dd0fb2ad1b5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b64e3b5d8d759dd4333992e4ba4dadf9359952c8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e3a43633023e3cacaca60d4b8972d084a2b06236
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/3a6d6b332f92990958602c1e35ce0173e2dd62e9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/743f70406264348c0830f38409eb6c40a42fb2db
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9ee608a64e37cea5b4b13e436c559dd0fb2ad1b5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b64e3b5d8d759dd4333992e4ba4dadf9359952c8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e3a43633023e3cacaca60d4b8972d084a2b06236
    Patch