CVE Catalog

CVE-2026-45972

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

25th percentile — higher than 25% of all known CVEs

Summary

In the Linux kernel, a vulnerability was found in the smb2_open_file() function of the SMB client. Failing to zero out @err_iov and @err_buftype pointers before retrying SMB2_open() can lead to a use-after-free (UAF) or double free when @data is not NULL.

Risk Assessment

The risk includes potential kernel memory corruption, which could lead to system crashes or privilege escalation by a local attacker.

Recommendation

It is recommended to immediately apply the patch from the official Linux kernel repository for affected versions and update the system to the latest stable kernel release.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2_open_file() Zero out @err_iov and @err_buftype before retrying SMB2_open() to prevent an UAF bug if @data != NULL, otherwise a double free.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS