{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23282", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.992Z", "datePublished": "2026-03-25T10:26:42.495Z", "dateUpdated": "2026-03-25T10:26:42.495Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:26:42.495Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix oops due to uninitialised var in smb2_unlink()\n\nIf SMB2_open_init() or SMB2_close_init() fails (e.g. reconnect), the\niovs set @rqst will be left uninitialised, hence calling\nSMB2_open_free(), SMB2_close_free() or smb2_set_related() on them will\noops.\n\nFix this by initialising @close_iov and @open_iov before setting them\nin @rqst."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/client/smb2inode.c"], "versions": [{"version": "1cf9f2a6a544288516a7b9e883a48eba6246bcf2", "lessThan": "86163b98891aa9800f6103252e5acc7bb98afb91", "status": "affected", "versionType": "git"}, {"version": "1cf9f2a6a544288516a7b9e883a48eba6246bcf2", "lessThan": "dc710c87af3341554d02d634ada1d2036c49a94a", "status": "affected", "versionType": "git"}, {"version": "1cf9f2a6a544288516a7b9e883a48eba6246bcf2", "lessThan": "048efe129a297256d3c2088cf8d79515ff5ec864", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/client/smb2inode.c"], "versions": [{"version": "6.17", "status": "affected"}, {"version": "0", "lessThan": "6.17", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17", "versionEndExcluding": "7.0-rc3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/86163b98891aa9800f6103252e5acc7bb98afb91"}, {"url": "https://git.kernel.org/stable/c/dc710c87af3341554d02d634ada1d2036c49a94a"}, {"url": "https://git.kernel.org/stable/c/048efe129a297256d3c2088cf8d79515ff5ec864"}], "title": "smb: client: fix oops due to uninitialised var in smb2_unlink()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix oops due to uninitialised var in smb2_unlink()\n\nIf SMB2_open_init() or SMB2_close_init() fails (e.g. reconnect), the\niovs set @rqst will be left uninitialised, hence calling\nSMB2_open_free(), SMB2_close_free() or smb2_set_related() on them will\noops.\n\nFix this by initialising @close_iov and @open_iov before setting them\nin @rqst."}], "id": "CVE-2026-23282", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:22.823", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/048efe129a297256d3c2088cf8d79515ff5ec864"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/86163b98891aa9800f6103252e5acc7bb98afb91"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/dc710c87af3341554d02d634ada1d2036c49a94a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: smb: client: fix oops due to uninitialised var in smb2_unlink()", "id": "2451246", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451246"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-824", "details": ["A flaw was found in the Linux kernel's Server Message Block (SMB) client. This vulnerability occurs when the SMB client fails to properly initialize variables during certain connection operations, such as reconnecting. An uninitialized variable can then be used, leading to a kernel panic and causing a Denial of Service (DoS) on the affected system. A remote attacker could potentially trigger this flaw."], "name": "CVE-2026-23282", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23282\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23282\nhttps://lore.kernel.org/linux-cve-announce/2026032523-CVE-2026-23282-bad0@gregkh/T"], "statement": "This flaw affects systems using the SMB/CIFS client for network file sharing. When SMB2_open_init() or SMB2_close_init() fails during operations like reconnection, uninitialized iovec structures are used in subsequent calls, causing a kernel crash. The vulnerability can be triggered by network conditions that cause SMB reconnection failures.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-03-25T12:07:10.813460+00:00", "value": {"mitigation_remediation": ["Update the kernel to a version that includes the patch for smb2_unlink()", "Verify that the kernel build incorporates the changes from the Git commits listed in the references", "If an immediate kernel upgrade is not possible, reboot the affected systems to clear any pending crash conditions until a patch is applied"], "summary": {"action": "Patch", "impact": "Denial of Service via Kernel Crash"}, "threat_synthesis": {"affected_systems": "All Linux kernel builds that include the SMB client code before the commit that introduced the fix are vulnerable. The exact versions are not listed, but any kernel earlier than the commit that added the initialization should be evaluated.", "description_and_impact": "A failure to initialize an iov structure in the Linux kernel SMB client can trigger an oops condition when SMB2 functions are called after a failure. The flaw is an uninitialized variable weakness that causes the kernel to crash, leading to a denial of service for all users on the affected system.", "risk_and_exploitability": "The CVSS score is unknown and EPSS data is not available; the vulnerability is not listed in the CISA KEV catalog. Exploitation requires causing an SMB2_open_init or SMB2_close_init failure, which could be achieved through manipulated SMB traffic. The primary impact is availability disruption rather than privileged escalation, resulting in a moderate overall risk."}}}}, "created": "2026-03-25T21:15:48.372132+00:00", "updated": "2026-03-25T21:15:48.372159+00:00", "vendors": [], "weaknesses": ["CWE-457"]}