CRITICAL · CVE-2026-45972 · Published · Modified · CNA: Linux
CVE-2026-45972: smb: client: fix potential UAF and double free in smb2_open_file()
In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix potential UAF and double free in smb2_open_file()

Zero out @err_iov and @err_buftype before retrying SMB2_open() to prevent an UAF bug if @data != NULL, otherwise a double free.
Metrics
- CVSS v3.1: 9.8
- Severity: CRITICAL
- Fixed in: 0
- Affected Products: 2
Fix available
Affected packages
- Linux / Linux: < 96e53bb3ee2f354cf6b4ab07bcc56e500f8b3f74 (from 743f70406264348c0830f38409eb6c40a42fb2db) · < 7425453ea16dbc3bbb0f6cac4d60b537e5e4d151 (from 3a6d6b332f92990958602c1e35ce0173e2dd62e9) · < 4d339b219004869e96c4ce56b8891f83a38da4c0 (from b64e3b5d8d759dd4333992e4ba4dadf9359952c8) · < e66dcf7bb9c4df5582c82bc3582725abcbfbea73 (from 9ee608a64e37cea5b4b13e436c559dd0fb2ad1b5) · < 639deb962986ef2f5e2a6d5a600c66f922471e81 (from e3a43633023e3cacaca60d4b8972d084a2b06236) · < ebbbc4bfad4cb355d17c671223d0814ee3ef4eda (from e3a43633023e3cacaca60d4b8972d084a2b06236)
- Linux / Linux 6.19 · Fixed in 0, 6.1.165, 6.6.128, 6.12.75, 6.18.14, 6.19.4, 7.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H