CVE-2026-52967
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk32th percentile — higher than 32% of all known CVEs
Summary
In the Linux kernel, a vulnerability was found in the SMB client subsystem that can cause an infinite loop and out-of-bounds read in the symlink_data() function. The issue occurs on 32-bit architectures when the ErrorDataLength field is set to specific large values (0xfffffff8 or 0xfffffff0), leading to incorrect pointer arithmetic.
Risk Assessment
An attacker could exploit this vulnerability to cause a system hang (infinite loop) or read memory beyond the allocated buffer, potentially leading to sensitive data leakage or further privilege escalation.
Recommendation
Immediately update the Linux kernel to a version containing the fix for CVE-2026-52967. Monitor official security advisories from your Linux distribution and apply the patch as soon as possible.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: smb/client: fix possible infinite loop and oob read in symlink_data() On 32-bit architectures, the infinite loop is as follows: len = p->ErrorDataLength == 0xfffffff8 u8 *next = p->ErrorContextData + len next == p On 32-bit architectures, the out-of-bounds read is as follows: len = p->ErrorDataLength == 0xfffffff0 u8 *next = p->ErrorContextData + len next == (u8 *)p - 8

