CVE-2026-53010
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk35th percentile — higher than 35% of all known CVEs
Summary
A use-after-free vulnerability was found in the Linux kernel's ksmbd module in the smb2_open function during durable file descriptor reconnection. Premature release of the fp reference leads to accessing freed memory when accessing file properties like fp->create_time.
Risk Assessment
An attacker could exploit this vulnerability to achieve remote code execution or cause a system crash (DoS) by sending a crafted SMB2 request during durable reconnection.
Recommendation
Immediately update the Linux kernel to a version containing the fix that moves the ksmbd_put_durable_fd call to the end of the smb2_open function, below the err_out2 label.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb2_open during durable reconnect In smb2_open, the call to ksmbd_put_durable_fd(fp) drops the reference to the durable file descriptor early during the durable reconnect process. If an error occurs subsequently (eg, ksmbd_iov_pin_rsp fails) or a scavenger accesses the file, it leads to a use-after-free when accessing fp properties (eg fp->create_time). Move the single put to the end of the function below err_out2 so fp stays valid until smb2_open returns.

