9.8

CVE-2026-53010

ksmbd: fix use-after-free in smb2_open during durable reconnect

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix use-after-free in smb2_open during durable reconnect

In smb2_open, the call to ksmbd_put_durable_fd(fp) drops the reference
to the durable file descriptor early during the durable reconnect
process. If an error occurs subsequently (eg, ksmbd_iov_pin_rsp fails)
or a scavenger accesses the file, it leads to a use-after-free when
accessing fp properties (eg fp->create_time).

Move the single put to the end of the function below err_out2 so fp
stays valid until smb2_open returns.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version c8efcc786146a951091588e5fa7e3c754850cb3c
Version < ce2e164c1c51c3f7813b80f8c926836e896bcbb3
Status affected
Version c8efcc786146a951091588e5fa7e3c754850cb3c
Version < 97a0cd55283b4e63fd92804da91c8d9896adcad9
Status affected
Version c8efcc786146a951091588e5fa7e3c754850cb3c
Version < 1baff47b81f94f9231c91236aa511420d0e266b9
Status affected
Version 8df4bcdb0a4232192b2445256c39b787d58ef14d
Status affected
Version 6.6.32
Version < 6.7
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 6.9
Status affected
Version 0
Version < 6.9
Status unaffected
Version <= 6.18.*
Version 6.18.33
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.44% 0.349
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/ce2e164c1c51c3f7813b80f8c926836e896bcbb3
https://git.kernel.org/stable/c/97a0cd55283b4e63fd92804da91c8d9896adcad9
https://git.kernel.org/stable/c/1baff47b81f94f9231c91236aa511420d0e266b9