CVE-2026-23282

MEDIUM EPSS 2.2%
Published Mar 25, 20263mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Mar 25, 2026 3mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix oops due to uninitialised var in smb2_unlink() If SMB2_open_init() or SMB2_close_init() fails (e.g. reconnect), the iovs set @rqst will be left uninitialised, hence calling SMB2_open_free(), SMB2_close_free() or smb2_set_related() on them will oops. Fix this by initialising @close_iov and @open_iov before setting them in @rqst.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-908

Affected Products 5

VendorProductVersionRange
linuxlinux_kernel*≥6.17.1  –  <6.18.17
linuxlinux_kernel*≥6.19  –  <6.19.7
linuxlinux_kernel6.17any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/048efe129a297256d3c2088cf8d79515ff5ec864
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/86163b98891aa9800f6103252e5acc7bb98afb91
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dc710c87af3341554d02d634ada1d2036c49a94a
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/048efe129a297256d3c2088cf8d79515ff5ec864
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/86163b98891aa9800f6103252e5acc7bb98afb91
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dc710c87af3341554d02d634ada1d2036c49a94a
    Patch