8.1

CVE-2026-52967

smb/client: fix possible infinite loop and oob read in symlink_data()

In the Linux kernel, the following vulnerability has been resolved:

smb/client: fix possible infinite loop and oob read in symlink_data()

On 32-bit architectures, the infinite loop is as follows:

  len = p->ErrorDataLength == 0xfffffff8
  u8 *next = p->ErrorContextData + len
  next == p

On 32-bit architectures, the out-of-bounds read is as follows:

  len = p->ErrorDataLength == 0xfffffff0
  u8 *next = p->ErrorContextData + len
  next == (u8 *)p - 8
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version 76894f3e2f71177747b8b4763fb180e800279585
Version < 1cfa2d59f669db28d6292d10ff87ca6837c781b0
Status affected
Version 76894f3e2f71177747b8b4763fb180e800279585
Version < b41598bf54b3fe528994e573df6008f8f4d0a4f4
Status affected
Version 76894f3e2f71177747b8b4763fb180e800279585
Version < cd4b9b662f0fb9aa97ee6bf9034eca76fc6cab23
Status affected
Version 76894f3e2f71177747b8b4763fb180e800279585
Version < 97a05b0ae9ea5ec052be2eef0f9cc7ce03501bbb
Status affected
Version 76894f3e2f71177747b8b4763fb180e800279585
Version < 1b9331b16b0ed9414dcf7583d8134bdfeb117aae
Status affected
Version 76894f3e2f71177747b8b4763fb180e800279585
Version < 7d9a7f1f96cd617ee9e75bb22217c709038e26b8
Status affected
Version 2d046892a493d9760c35fdaefc3017f27f91b621
Status affected
Version 6.0.16
Version < 6.1
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 6.1
Status affected
Version 0
Version < 6.1
Status unaffected
Version <= 6.1.*
Version 6.1.175
Status unaffected
Version <= 6.6.*
Version 6.6.141
Status unaffected
Version <= 6.12.*
Version 6.12.91
Status unaffected
Version <= 6.18.*
Version 6.18.33
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.4% 0.317
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/1cfa2d59f669db28d6292d10ff87ca6837c781b0
https://git.kernel.org/stable/c/b41598bf54b3fe528994e573df6008f8f4d0a4f4
https://git.kernel.org/stable/c/cd4b9b662f0fb9aa97ee6bf9034eca76fc6cab23
https://git.kernel.org/stable/c/97a05b0ae9ea5ec052be2eef0f9cc7ce03501bbb
https://git.kernel.org/stable/c/1b9331b16b0ed9414dcf7583d8134bdfeb117aae
https://git.kernel.org/stable/c/7d9a7f1f96cd617ee9e75bb22217c709038e26b8