CRITICAL🇵🇱 Wersja polska

CVE-2026-45972

CVSS 9.8pub. 2026-05-27upd. 2026-06-30

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2_open_file() Zero out @err_iov and @err_buftype before retrying SMB2_open() to prevent an UAF bug if @data != NULL, otherwise a double free.

🤖 AI Analysis
How it works

The issue is that the variables @err_iov and @err_buftype are not zeroed before re-invoking SMB2_open(). If the @data pointer is not NULL, this leads to access of already freed memory (use-after-free). Otherwise, the same memory resources may be freed twice (double free), which can result in corruption of the kernel heap structure.

Impact

An attacker may potentially lead to arbitrary code execution in kernel context, privilege escalation, or destabilization of the operating system by triggering use-after-free or double free conditions.

Mitigation & patch

Patches available from the vendor should be applied according to the references — patches have been published in the kernel.org repository (git.kernel.org/stable) for many stable branches. It is recommended to update the kernel to a version containing the indicated commits.

Who is affected

Linux kernel with SMB client enabled (cifs/smb3 module); versions indicated in vendor references (commits available in stable branches of the kernel.org repository)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Linux Kernel

    OS
    Linux
    6.196.1.163 – 6.1.165 (bez)6.6.124 – 6.6.128 (bez)6.12.70 – 6.12.75 (bez)6.18.10 – 6.18.14 (bez)6.19.1 – 6.19.4 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2022-47986CRITICAL9.8⚠ KEVten sam produkt

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on t...

CVE-2022-22954CRITICAL9.8⚠ KEVten sam produkt

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-s...

CVE-2020-4006CRITICAL9.1⚠ KEVten sam produkt

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a...