5.5
CVE-2026-23282
- EPSS 0.12%
- Veröffentlicht 25.03.2026 10:26:42
- Zuletzt bearbeitet 22.05.2026 00:24:34
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
smb: client: fix oops due to uninitialised var in smb2_unlink()
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix oops due to uninitialised var in smb2_unlink() If SMB2_open_init() or SMB2_close_init() fails (e.g. reconnect), the iovs set @rqst will be left uninitialised, hence calling SMB2_open_free(), SMB2_close_free() or smb2_set_related() on them will oops. Fix this by initialising @close_iov and @open_iov before setting them in @rqst.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.17.1 < 6.18.17
Linux ≫ Linux Kernel Version >= 6.19 < 6.19.7
Linux ≫ Linux Kernel Version6.17 Update-
Linux ≫ Linux Kernel Version7.0 Updaterc1
Linux ≫ Linux Kernel Version7.0 Updaterc2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.022 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-908 Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.
https://git.kernel.org/stable/c/86163b98891aa9800f6103252e5acc7bb98afb91
https://git.kernel.org/stable/c/dc710c87af3341554d02d634ada1d2036c49a94a
https://git.kernel.org/stable/c/048efe129a297256d3c2088cf8d79515ff5ec864