CVE-2026-46155
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk19th percentile — higher than 19% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel that allows for out-of-bounds read in the smb2_compound_op() function. The issue occurs when a server sends a truncated response with a large OutputBufferLength, potentially leading to kernel memory leakage.
Risk Assessment
This vulnerability may lead to the exposure of sensitive data from kernel memory, posing a risk to the integrity and confidentiality of the system.
Recommendation
It is recommended to update the Linux kernel to the latest version to mitigate this vulnerability and to monitor the system for unauthorized access.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2_compound_op() If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, check_wsl_eas() returns success without validating that the entire OutputBufferLength fits within iov_len. Then smb2_compound_op() does: memcpy(idata->wsl.eas, data[0], size[0]); Where size[0] is OutputBufferLength. If iov_len is smaller than size[0], memcpy can read beyond the end of the rsp_iov allocation and leak adjacent kernel heap memory.

