CVE-2026-23230

MEDIUM EPSS 12.2%
Published Feb 18, 20264mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Feb 18, 2026 4mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: split cached_fid bitfields to avoid shared-byte RMW races is_open, has_lease and on_list are stored in the same bitfield byte in struct cached_fid but are updated in different code paths that may run concurrently. Bitfield assignments generate byte read–modify–write operations (e.g. `orb $mask, addr` on x86_64), so updating one flag can restore stale values of the others. A possible interleaving is: CPU1: load old byte (has_lease=1, on_list=1) CPU2: clear both flags (store 0) CPU1: RMW store (old | IS_OPEN) -> reintroduces cleared bits To avoid this class of races, convert these flags to separate bool fields.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
12.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 5

VendorProductVersionRange
linuxlinux_kernel*≥6.1  –  <6.1.164
linuxlinux_kernel*≥6.2  –  <6.6.125
linuxlinux_kernel*≥6.7  –  <6.12.72
linuxlinux_kernel*≥6.13  –  <6.18.11
linuxlinux_kernel*≥6.19  –  <6.19.1

References 7

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-253495.html
  • git.kernel.org https://git.kernel.org/stable/c/3eaa22d688311c708b73f3c68bc6d0c8e3f0f77a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4386f6af8aaedd0c5ad6f659b40cadcc8f423828
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4cfa4c37dcbcfd70866e856200ed8a2894cac578
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/569fecc56bfe4df66f05734d67daef887746656b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c4b9edd55987384a1f201d3d07ff71e448d79c1b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ec306600d5ba7148c9dbf8f5a8f1f5c1a044a241
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/3eaa22d688311c708b73f3c68bc6d0c8e3f0f77a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4386f6af8aaedd0c5ad6f659b40cadcc8f423828
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4cfa4c37dcbcfd70866e856200ed8a2894cac578
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/569fecc56bfe4df66f05734d67daef887746656b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c4b9edd55987384a1f201d3d07ff71e448d79c1b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ec306600d5ba7148c9dbf8f5a8f1f5c1a044a241
    Patch