Impact
The flaw resides in the Linux kernel’s CIFS client. During the mounting of SMB1 UNIX shares, the cifs_mount_get_tcon() routine may read or update the CIFS_MOUNT_POSIXACL and CIFS_MOUNT_POSIX_PATHS flags only after reset_cifs_unix_caps(), causing the CIFS_MOUNT_POSIX_PATHS bit to be omitted. This omission leads the kernel to use an incorrect directory separator in the resulting paths. The weakness is a pathname handling issue (CWE‑22) and does not enable unauthorized file access, privilege escalation, or code execution. The impact is limited to incorrect path resolution on mounted shares, potentially causing functional problems rather than a security breach.
Affected Systems
All Linux kernel releases whose CIFS client supports SMB1 and lacks the directory separator fix are affected. This covers every release prior to the patch that introduced the change, including kernel 7.0 and earlier releases. Distributions that mount SMB shares via the CIFS helper and rely on SMB1 are potentially impacted.
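To see whether a host has mounts in the affected configuration, the following added example (not part of the advisory or the kernel project) lists CIFS mounts that use SMB1 and shows whether each one reports the `posixpaths` option. It assumes the kernel prints `vers=1.0`, `unix` and `posixpaths` in the options field of `/proc/mounts`; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: inventory SMB1 CIFS mounts from a mounts table.

# Constructed sample in /proc/mounts format (hypothetical hosts and paths).
sample_mounts() {
    cat <<'EOF'
//fs1.example/legacy /mnt/legacy cifs rw,relatime,vers=1.0,cache=strict,username=svc,unix,serverino 0 0
//fs1.example/old /mnt/old cifs rw,relatime,vers=1.0,cache=strict,username=svc,unix,posixpaths,serverino 0 0
//fs2.example/data /mnt/data cifs rw,relatime,vers=3.1.1,cache=strict,username=svc,nounix,serverino 0 0
/dev/sda1 / ext4 rw,relatime 0 0
EOF
}

# Print "<mountpoint> unix=<yes|no> posixpaths=<yes|no>" for every CIFS
# mount whose options include vers=1.0.
# Usage: smb1_cifs_mounts [mounts-file]   (default: /proc/mounts)
smb1_cifs_mounts() {
    awk '
        $3 == "cifs" {
            n = split($4, opt, ",")
            smb1 = 0; unix = 0; posix = 0
            for (i = 1; i <= n; i++) {
                if (opt[i] == "vers=1.0")   smb1 = 1
                if (opt[i] == "unix")       unix = 1
                if (opt[i] == "posixpaths") posix = 1
            }
            if (smb1)
                printf "%s unix=%s posixpaths=%s\n", $2,
                       (unix ? "yes" : "no"), (posix ? "yes" : "no")
        }
    ' "${1:-/proc/mounts}"
}

# Mount points to review first: SMB1 with UNIX extensions active but no
# posixpaths option shown. Treating this combination as the symptom of the
# missing flag is an assumption of this example, not a statement from the
# advisory.
smb1_review_list() {
    smb1_cifs_mounts "$@" |
        awk '$2 == "unix=yes" && $3 == "posixpaths=no" { print $1 }'
}

# On a live host: smb1_cifs_mounts ; smb1_review_list
```

An empty result from `smb1_cifs_mounts` means no SMB1 CIFS share is currently mounted on the host.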
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity, while the EPSS score of less than 1% signals a low probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog, and no exploits have been reported. It is inferred from the description that the flaw manifests only during client-initiated SMB mount operations; an attacker would need to mount a share locally or have a compromised client perform the mount. The flaw does not provide a direct vector for data exfiltration, code execution, or privilege escalation, so the overall risk is low to moderate.
OpenCVE Enrichment