PatchSiren cyber security CVE debrief
CVE-2026-52996 Linux CVE debrief
A Linux kernel vulnerability was resolved, involving a durable fd leak on ClientGUID mismatch in durable v2 open. The ksmbd_lookup_fd_cguid() function returns a ksmbd_file with its refcount incremented. However, in cases of ClientGUID mismatch, the reference obtained was not released, leading to resource leaks. The issue has been addressed by releasing the reference in the mismatch path and clearing dh_info->fp. This vulnerability affects Linux kernel-based systems, and system administrators and security teams should be aware of this vulnerability and take necessary actions to ensure their systems are updated.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-24
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-06-24
- Advisory updated
- 2026-07-10
Who should care
System administrators and security teams responsible for Linux kernel-based systems should be aware of this vulnerability and take necessary actions to ensure their systems are updated. They should review system logs for potential exploitation attempts and implement additional monitoring and security measures.
Technical summary
The vulnerability was found in the Linux kernel's ksmbd implementation. Specifically, the ksmbd_lookup_fd_cguid() function returns a ksmbd_file with an incremented refcount. In the DURABLE_REQ_V2 case, when an entry exists in the global file table with the same CreateGuid but a different ClientGUID, the code falls through to the new-open path without dropping the reference. This leads to resource leaks and prevents __ksmbd_close_fd() from running for the corresponding files. The issue is resolved by releasing the reference in the mismatch path and clearing dh_info->fp.
Defensive priority
Medium
Recommended defensive actions
- Update Linux kernel to the latest version
- Review system logs for potential exploitation attempts
- Implement additional monitoring and security measures
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
Evidence notes
The CVE record was published on 2026-06-24T17:17:10.567Z and last modified on 2026-07-10T19:24:19.850Z. The NVD entry is currently Awaiting Analysis. There is limited information available about the specific details of this vulnerability, and further analysis is required to fully understand its impact. The Linux kernel vulnerability involves a durable fd leak on ClientGUID mismatch in durable v2 open. The ksmbd_lookup_fd_cguid() function returns a ksmbd_file with its refcount incremented. However, in cases of ClientGUID mismatch, the reference obtained was not released, leading to resource leaks. The issue has been addressed by releasing the reference in the mismatch path. System administrators and security teams should verify their systems' exposure and apply necessary patches or mitigations.
Official resources
-
CVE-2026-52996 CVE record
CVE.org
-
CVE-2026-52996 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-24T17:17:10.567Z and has not been modified since then.