9.8
CVE-2026-45972
- EPSS 0.33%
- Veröffentlicht 27.05.2026 12:18:31
- Zuletzt bearbeitet 30.06.2026 03:20:07
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
smb: client: fix potential UAF and double free in smb2_open_file()
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2_open_file() Zero out @err_iov and @err_buftype before retrying SMB2_open() to prevent an UAF bug if @data != NULL, otherwise a double free.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.1.163 < 6.1.165
Linux ≫ Linux Kernel Version >= 6.6.124 < 6.6.128
Linux ≫ Linux Kernel Version >= 6.12.70 < 6.12.75
Linux ≫ Linux Kernel Version >= 6.18.10 < 6.18.14
Linux ≫ Linux Kernel Version >= 6.19.1 < 6.19.4
Linux ≫ Linux Kernel Version6.19 Update-
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.251 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
CWE-825 Expired Pointer Dereference
The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.
https://git.kernel.org/stable/c/96e53bb3ee2f354cf6b4ab07bcc56e500f8b3f74
https://git.kernel.org/stable/c/7425453ea16dbc3bbb0f6cac4d60b537e5e4d151
https://git.kernel.org/stable/c/4d339b219004869e96c4ce56b8891f83a38da4c0
https://git.kernel.org/stable/c/e66dcf7bb9c4df5582c82bc3582725abcbfbea73
https://git.kernel.org/stable/c/639deb962986ef2f5e2a6d5a600c66f922471e81
https://git.kernel.org/stable/c/ebbbc4bfad4cb355d17c671223d0814ee3ef4eda
https://access.redhat.com/security/cve/CVE-2026-45972
https://bugzilla.redhat.com/show_bug.cgi?id=2481973
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45972.json