5.5

CVE-2026-23282

smb: client: fix oops due to uninitialised var in smb2_unlink()

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix oops due to uninitialised var in smb2_unlink()

If SMB2_open_init() or SMB2_close_init() fails (e.g. reconnect), the
iovs set @rqst will be left uninitialised, hence calling
SMB2_open_free(), SMB2_close_free() or smb2_set_related() on them will
oops.

Fix this by initialising @close_iov and @open_iov before setting them
in @rqst.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.17.1 < 6.18.17
LinuxLinux Kernel Version >= 6.19 < 6.19.7
LinuxLinux Kernel Version6.17 Update-
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.022
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://git.kernel.org/stable/c/86163b98891aa9800f6103252e5acc7bb98afb91
Patch
https://git.kernel.org/stable/c/dc710c87af3341554d02d634ada1d2036c49a94a
Patch
https://git.kernel.org/stable/c/048efe129a297256d3c2088cf8d79515ff5ec864
Patch