PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45972 Linux CVE debrief

A use-after-free (UAF) and double-free vulnerability exists in the Linux kernel's SMB client implementation, specifically within the smb2_open_file() function. The flaw occurs when retrying SMB2_open() operations: if the @data pointer is non-NULL, uninitialized @err_iov and @err_buftype variables can lead to memory corruption. The fix zeroes out these variables before retry to prevent both UAF and double-free conditions. This vulnerability affects SMB client operations and could potentially be exploited for privilege escalation or system instability.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-27
Original CVE updated
2026-05-27
Advisory published
2026-05-27
Advisory updated
2026-05-27

Who should care

Linux system administrators, kernel maintainers, organizations using SMB/CIFS client functionality, security teams monitoring kernel vulnerabilities

Technical summary

The smb2_open_file() function in the Linux kernel SMB client fails to initialize @err_iov and @err_buftype before retrying SMB2_open(). When @data != NULL, this leads to use-after-free and double-free vulnerabilities. The fix ensures these variables are zeroed before retry operations. Multiple stable kernel branches have received patches.

Defensive priority

high

Recommended defensive actions

  • Apply kernel patches from stable branches when available
  • Monitor distribution security advisories for updated kernel packages
  • Restrict SMB client access to trusted servers until patched
  • Enable kernel memory sanitizers (KASAN/KMSAN) in test environments to detect UAF conditions

Evidence notes

CVE published 2026-05-27T14:17:14.173Z; modified 2026-05-27T14:48:03.013Z. Six kernel.org stable branch commits provided as references. NVD status: Awaiting Analysis. No CVSS score or severity assigned at time of publication.

Official resources

2026-05-27