smb: client: fix potential UAF and double free in smb2_open_file()

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix potential UAF and double free in smb2_open_file()

Zero out @err_iov and @err_buftype before retrying SMB2_open() to
prevent an UAF bug if @data != NULL, otherwise a double free.

Basic Information

ID CVE-2026-45972

Source Linux

Published May 27, 2026 at 12:18

Modified May 30, 2026 at 10:46

Affected Product

Vendor Linux

Product Linux

Version 743f70406264348c0830f38409eb6c40a42fb2db

Affected Versions Linux Linux 743f70406264348c0830f38409eb6c40a42fb2db
Linux Linux 3a6d6b332f92990958602c1e35ce0173e2dd62e9
Linux Linux b64e3b5d8d759dd4333992e4ba4dadf9359952c8
Linux Linux 9ee608a64e37cea5b4b13e436c559dd0fb2ad1b5
Linux Linux e3a43633023e3cacaca60d4b8972d084a2b06236
Linux Linux e3a43633023e3cacaca60d4b8972d084a2b06236
Linux Linux 6.1.163
Linux Linux 6.6.124
Linux Linux 6.12.70
Linux Linux 6.18.10
Linux Linux 6.19

References

{
    "lastseen": "",
    "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF and double free in smb2_open_file()\n\nZero out @err_iov and @err_buftype before retrying SMB2_open() to\nprevent an UAF bug if @data != NULL, otherwise a double free.",
    "published": "2026-05-27T12:18:31.500Z",
    "modified": "2026-05-30T10:46:21.265Z",
    "type": "cve",
    "title": "smb: client: fix potential UAF and double free in smb2_open_file()",
    "source": "Linux",
    "references": "https://git.kernel.org/stable/c/96e53bb3ee2f354cf6b4ab07bcc56e500f8b3f74\nhttps://git.kernel.org/stable/c/7425453ea16dbc3bbb0f6cac4d60b537e5e4d151\nhttps://git.kernel.org/stable/c/4d339b219004869e96c4ce56b8891f83a38da4c0\nhttps://git.kernel.org/stable/c/e66dcf7bb9c4df5582c82bc3582725abcbfbea73\nhttps://git.kernel.org/stable/c/639deb962986ef2f5e2a6d5a600c66f922471e81\nhttps://git.kernel.org/stable/c/ebbbc4bfad4cb355d17c671223d0814ee3ef4eda",
    "id": "CVE-2026-45972",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Linux Linux 743f70406264348c0830f38409eb6c40a42fb2db\nLinux Linux 3a6d6b332f92990958602c1e35ce0173e2dd62e9\nLinux Linux b64e3b5d8d759dd4333992e4ba4dadf9359952c8\nLinux Linux 9ee608a64e37cea5b4b13e436c559dd0fb2ad1b5\nLinux Linux e3a43633023e3cacaca60d4b8972d084a2b06236\nLinux Linux e3a43633023e3cacaca60d4b8972d084a2b06236\nLinux Linux 6.1.163\nLinux Linux 6.6.124\nLinux Linux 6.12.70\nLinux Linux 6.18.10\nLinux Linux 6.19",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Linux",
    "version": "743f70406264348c0830f38409eb6c40a42fb2db",
    "vendor": "Linux",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

smb: client: fix potential UAF and double free in smb2_open_file()_CVE-2026-45972

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply