CVE-2026-46185
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk22th percentile — higher than 22% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel affecting the symlink_data() function. The issue arises from a lack of length validation for the symlink error response, which may lead to out-of-bounds reads.
Risk Assessment
An attacker could exploit this vulnerability to read data outside the allocated buffer, potentially leading to the disclosure of sensitive information or system instability.
Recommendation
It is recommended to update the Linux kernel to the latest version where this vulnerability has been fixed to minimize the risk of potential exploitation.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in symlink_data() Since smb2_check_message() returns success without length validation for the symlink error response, in symlink_data() it is possible for iov->iov_len to be smaller than sizeof(struct smb2_err_rsp). If the buffer only contains the base SMB2 header (64 bytes), accessing err->ErrorContextCount (at offset 66) or err->ByteCount later in symlink_data() will cause an out-of-bounds read.

