Description
In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix potential UAF and double free in smb2_open_file()

Zero out @err_iov and @err_buftype before retrying SMB2_open() to
prevent an UAF bug if @data != NULL, otherwise a double free.
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A bug in the Linux kernel SMB client occurs during the smb2_open_file() operation, where the system can either experience a use‑after‑free or a double‑free if certain conditions on error buffers are not met. This defect can corrupt kernel memory, and depending on the attacker’s ability to influence the buffers, could allow execution of arbitrary code or cause a crash, both of which compromise system integrity and availability.

Affected Systems

All Linux kernel releases that include the SMB client prior to the commit that implements the fix. The patch is referenced by several commit URLs in the advisory, meaning any kernel version before those commits is vulnerable.

Risk and Exploitability

The CVSS severity is not listed, and EPSS data is unavailable, but the nature of the flaw—kernel‑level memory corruption—implies high impact if exploited. The vulnerability is remotely exploitable through SMB traffic, and no public exploitation evidence or CISA KEV listing exists, yet the upper‑layer anonymous nature of SMB connections means attackers can reach the buggy code from a network space. Consequently, the risk remains significant and should be mitigated as soon as possible.

Generated by OpenCVE AI on May 27, 2026 at 18:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the commit fixing the smb2_open_file() UAF and double‑free issue.
  • If a kernel update cannot be applied immediately, restrict SMB traffic to trusted hosts or block the SMB port (445) from untrusted networks to reduce the attack surface.
  • As a precaution, consider enabling SELinux or AppArmor with strict profiles to limit the impact of any kernel memory corruption that may still occur.

Generated by OpenCVE AI on May 27, 2026 at 18:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2_open_file() Zero out @err_iov and @err_buftype before retrying SMB2_open() to prevent an UAF bug if @data != NULL, otherwise a double free.
Title smb: client: fix potential UAF and double free in smb2_open_file()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:18:31.500Z

Reserved: 2026-05-13T15:03:33.090Z

Link: CVE-2026-45972

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:14.173

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-45972

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T21:30:34Z

Weaknesses