CVE-2026-45972

Summary

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix potential UAF and double free in smb2_open_file()

Zero out @err_iov and @err_buftype before retrying SMB2_open() to prevent an UAF bug if @data != NULL, otherwise a double free.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux743f70406264348c0830f38409eb6c40a42fb2db < 96e53bb3ee2f354cf6b4ab07bcc56e500f8b3f74affected
LinuxLinux3a6d6b332f92990958602c1e35ce0173e2dd62e9 < 7425453ea16dbc3bbb0f6cac4d60b537e5e4d151affected
LinuxLinuxb64e3b5d8d759dd4333992e4ba4dadf9359952c8 < 4d339b219004869e96c4ce56b8891f83a38da4c0affected
LinuxLinux9ee608a64e37cea5b4b13e436c559dd0fb2ad1b5 < e66dcf7bb9c4df5582c82bc3582725abcbfbea73affected
LinuxLinuxe3a43633023e3cacaca60d4b8972d084a2b06236 < 639deb962986ef2f5e2a6d5a600c66f922471e81affected
LinuxLinuxe3a43633023e3cacaca60d4b8972d084a2b06236 < ebbbc4bfad4cb355d17c671223d0814ee3ef4edaaffected
LinuxLinux6.1.163 < 6.1.165affected
LinuxLinux6.6.124 < 6.6.128affected
LinuxLinux6.12.70 < 6.12.75affected
LinuxLinux6.18.10 < 6.18.14affected
LinuxLinux6.19affected
LinuxLinux0 < 6.19unaffected
LinuxLinux6.1.165 <= 6.1.*unaffected
LinuxLinux6.6.128 <= 6.6.*unaffected
LinuxLinux6.12.75 <= 6.12.*unaffected
LinuxLinux6.18.14 <= 6.18.*unaffected
LinuxLinux6.19.4 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

ADP Enrichment

kernel: smb: client: fix potential UAF and double free in smb2_open_file()

Additional References

References