9.1
CVE-2026-46185
- EPSS 0.51%
- Veröffentlicht 28.05.2026 09:36:39
- Zuletzt bearbeitet 11.06.2026 03:02:31
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
smb/client: fix out-of-bounds read in symlink_data()
In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in symlink_data() Since smb2_check_message() returns success without length validation for the symlink error response, in symlink_data() it is possible for iov->iov_len to be smaller than sizeof(struct smb2_err_rsp). If the buffer only contains the base SMB2 header (64 bytes), accessing err->ErrorContextCount (at offset 66) or err->ByteCount later in symlink_data() will cause an out-of-bounds read.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.0.16 < 6.1.175
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.140
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.88
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.30
Linux ≫ Linux Kernel Version >= 6.19 < 7.0.7
Linux ≫ Linux Kernel Version7.1 Updaterc1
Linux ≫ Linux Kernel Version7.1 Updaterc2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.51% | 0.396 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
https://git.kernel.org/stable/c/ef6495d4df6e7af8f3de67e65150881c880f696c
https://git.kernel.org/stable/c/15dc0a4de743a1aaa7b859b3aea79f08c695396c
https://git.kernel.org/stable/c/b8c8a704f0bc133deb171f6aeb6f3a684203e212
https://git.kernel.org/stable/c/b9561402489d41149f63e001a74384863b7b30a6
https://git.kernel.org/stable/c/d62b8d236fab503c6fec1d3e9a38bea71feaca20
https://git.kernel.org/stable/c/2be11faf79e49fb8250a181ff0b4d2b2f084af83