CVE-2026-45972
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk25th percentile — higher than 25% of all known CVEs
Summary
In the Linux kernel, a vulnerability was found in the smb2_open_file() function of the SMB client. Failing to zero out @err_iov and @err_buftype pointers before retrying SMB2_open() can lead to a use-after-free (UAF) or double free when @data is not NULL.
Risk Assessment
The risk includes potential kernel memory corruption, which could lead to system crashes or privilege escalation by a local attacker.
Recommendation
It is recommended to immediately apply the patch from the official Linux kernel repository for affected versions and update the system to the latest stable kernel release.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2_open_file() Zero out @err_iov and @err_buftype before retrying SMB2_open() to prevent an UAF bug if @data != NULL, otherwise a double free.

