Description
In the Linux kernel, the following vulnerability has been resolved:

smb/client: fix possible infinite loop and oob read in symlink_data()

On 32-bit architectures, the infinite loop is as follows:

len = p->ErrorDataLength == 0xfffffff8
u8 *next = p->ErrorContextData + len
next == p

On 32-bit architectures, the out-of-bounds read is as follows:

len = p->ErrorDataLength == 0xfffffff0
u8 *next = p->ErrorContextData + len
next == (u8 *)p - 8
Published: 2026-06-24
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The bug exists in the Linux kernel SMB client. When a specially crafted SMB response contains an inflated error data length, the function symlink_data ends up looping forever or performing an out‑of‑bounds read. The infinite loop can stall the SMB client thread, effectively denying service, while the buffer over‑read can expose kernel memory contents. The code paths rely on unchecked values taken from the SMB packet.

Affected Systems

The vulnerability affects the Linux kernel across all distributions that include the affected code. Any host that runs the kernel and processes SMB responses is potentially vulnerable. The precise kernel version range is not specified in the data, but the fix was committed in the mainline source tree and is included in subsequent releases.

Risk and Exploitability

The vulnerability is not listed in the CISA KEV catalog and no EPSS score is available, indicating limited publicly documented exploitation. The CVSS score is not supplied, but the infinite loop and buffer over‑read present a notable risk of denial of service and modest information disclosure. Exploitation would require a malicious SMB server or client that can send the crafted packet, so an attacker needs network access to the target’s SMB endpoint. The fix is available through standard distribution updates.

Generated by OpenCVE AI on June 24, 2026 at 19:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the commit that fixes the infinite loop and out‑of‑bounds read in smb/client.
  • If an immediate kernel update is not possible, configure the kernel or network policy to limit SMB client usage by the affected services or quarantine them from untrusted networks.
  • Apply the kernel patch manually by cherry‑picking or building from the supplied Git commit(s).

Generated by OpenCVE AI on June 24, 2026 at 19:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-932

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: smb/client: fix possible infinite loop and oob read in symlink_data() On 32-bit architectures, the infinite loop is as follows: len = p->ErrorDataLength == 0xfffffff8 u8 *next = p->ErrorContextData + len next == p On 32-bit architectures, the out-of-bounds read is as follows: len = p->ErrorDataLength == 0xfffffff0 u8 *next = p->ErrorContextData + len next == (u8 *)p - 8
Title smb/client: fix possible infinite loop and oob read in symlink_data()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:28:46.661Z

Reserved: 2026-06-09T07:44:35.374Z

Link: CVE-2026-52967

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T19:15:15Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-932