CVE-2026-52967

Summary

In the Linux kernel, the following vulnerability has been resolved:

smb/client: fix possible infinite loop and oob read in symlink_data()

On 32-bit architectures, the infinite loop is as follows:

len = p->ErrorDataLength == 0xfffffff8 u8 *next = p->ErrorContextData + len next == p

On 32-bit architectures, the out-of-bounds read is as follows:

len = p->ErrorDataLength == 0xfffffff0 u8 *next = p->ErrorContextData + len next == (u8 *)p - 8

Affected Software

VendorProductVersion RangeStatus
LinuxLinux76894f3e2f71177747b8b4763fb180e800279585 < 1cfa2d59f669db28d6292d10ff87ca6837c781b0affected
LinuxLinux76894f3e2f71177747b8b4763fb180e800279585 < b41598bf54b3fe528994e573df6008f8f4d0a4f4affected
LinuxLinux76894f3e2f71177747b8b4763fb180e800279585 < cd4b9b662f0fb9aa97ee6bf9034eca76fc6cab23affected
LinuxLinux76894f3e2f71177747b8b4763fb180e800279585 < 97a05b0ae9ea5ec052be2eef0f9cc7ce03501bbbaffected
LinuxLinux76894f3e2f71177747b8b4763fb180e800279585 < 1b9331b16b0ed9414dcf7583d8134bdfeb117aaeaffected
LinuxLinux76894f3e2f71177747b8b4763fb180e800279585 < 7d9a7f1f96cd617ee9e75bb22217c709038e26b8affected
LinuxLinux2d046892a493d9760c35fdaefc3017f27f91b621affected
LinuxLinux6.0.16 < 6.1affected
LinuxLinux6.1affected
LinuxLinux0 < 6.1unaffected
LinuxLinux6.1.175 <= 6.1.*unaffected
LinuxLinux6.6.141 <= 6.6.*unaffected
LinuxLinux6.12.91 <= 6.12.*unaffected
LinuxLinux6.18.33 <= 6.18.*unaffected
LinuxLinux7.0.10 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References