PatchSiren

CVE-2026-46155 Linux CVE debrief

A vulnerability in the Linux kernel's SMB client implementation allows an out-of-bounds read that can leak adjacent kernel heap memory. The flaw exists in smb2_compound_op() where a malicious SMB server can send a truncated response with a large OutputBufferLength value. The check_wsl_eas() function returns success without validating that OutputBufferLength fits within the actual iov_len of the response buffer. Subsequently, smb2_compound_op() performs a memcpy using size[0] (the untrusted OutputBufferLength) as the copy size, reading beyond the allocated rsp_iov buffer boundary. This represents an information disclosure vulnerability where kernel heap memory contents can be leaked to an attacker-controlled SMB server. The vulnerability affects systems using the kernel's SMB client (cifs/smbfs) to connect to untrusted or compromised SMB servers.

Vendor: Linux
Product: Unknown
CVSS: CRITICAL 9.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-30
Advisory published: 2026-05-28
Advisory updated: 2026-05-30

Who should care

Organizations running Linux systems with SMB client mounts, particularly those connecting to external or multi-tenant SMB services. Cloud environments using SMB for file storage integration. Security teams monitoring for kernel information disclosure vulnerabilities that could facilitate further exploitation.

Technical summary

The vulnerability stems from insufficient validation of server-provided length fields in the SMB2 compound operation handler. When processing Windows Symbolic Link (WSL) extended attributes, check_wsl_eas() validates EA list termination but fails to verify that OutputBufferLength does not exceed the actual response buffer size (iov_len). This validation gap allows a malicious SMB server to specify an OutputBufferLength larger than the allocated rsp_iov, causing smb2_compound_op() to read beyond buffer boundaries during memcpy operations. The leaked memory may contain sensitive kernel data structures, cryptographic material, or other privileged information from the kernel heap.
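
The missing check described above, as an added userspace sketch (not the kernel's code or the upstream fix): the server-advertised length is compared against the bytes actually received before any copy. The rsp_buf type, the output_fits, copy_output and demo names, the offset of 8 and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the received response; base/len play the role of
 * rsp_iov.iov_base / iov_len. Hypothetical type, not the kernel's. */
struct rsp_buf {
    const uint8_t *base;
    size_t len;                     /* bytes actually received */
};

/* Hypothetical helper: 0 only if [off, off + out_len) lies inside the
 * received bytes. Both off and out_len come from the server. */
int output_fits(const struct rsp_buf *rsp, uint32_t off, uint32_t out_len)
{
    if (off > rsp->len)
        return -1;
    if (out_len > rsp->len - off)   /* subtraction form cannot wrap */
        return -1;
    return 0;
}

/* Copy only after the bounds check. Returns bytes copied, or -1 when the
 * advertised length exceeds what was received or what dst can hold. */
long copy_output(const struct rsp_buf *rsp, uint32_t off, uint32_t out_len,
                 uint8_t *dst, size_t dst_len)
{
    if (output_fits(rsp, off, out_len) != 0 || out_len > dst_len)
        return -1;
    memcpy(dst, rsp->base + off, out_len);
    return (long)out_len;
}

/* Constructed sample: 16 bytes received, output data starts at offset 8. */
long demo(uint32_t advertised_len)
{
    static const uint8_t wire[16] = { [8] = 'E', 'A', 'd', 'a', 't', 'a', '!', '!' };
    struct rsp_buf rsp = { wire, sizeof(wire) };
    uint8_t dst[4096];
    return copy_output(&rsp, 8, advertised_len, dst, sizeof(dst));
}

int main(void)
{
    printf("advertised 8    -> %ld\n", demo(8));
    printf("advertised 4096 -> %ld\n", demo(4096));
    return 0;
}
```

Comparing out_len against len - off, rather than testing off + out_len, keeps the check correct even when both fields are near their maximum values.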

Defensive priority

High

Recommended defensive actions

  • Apply kernel updates from stable branches once patches are available for your distribution
  • Restrict SMB client connections to trusted servers only
  • Monitor for anomalous SMB server behavior that could indicate exploitation attempts
  • Consider network segmentation to isolate SMB client systems from untrusted networks

Evidence notes

Vulnerability description sourced from official CVE record published 2026-05-28. Root cause confirmed in kernel commit messages resolving the out-of-bounds read in smb2_compound_op(). Multiple stable kernel branch fixes identified.
