PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-52996 Linux CVE debrief

A Linux kernel vulnerability was resolved, involving a durable fd leak on ClientGUID mismatch in durable v2 open. The ksmbd_lookup_fd_cguid() function returns a ksmbd_file with its refcount incremented. However, in cases of ClientGUID mismatch, the reference obtained was not released, leading to resource leaks. The issue has been addressed by releasing the reference in the mismatch path and clearing dh_info->fp. This vulnerability affects Linux kernel-based systems, and system administrators and security teams should be aware of this vulnerability and take necessary actions to ensure their systems are updated.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-24
Original CVE updated
2026-07-10
Advisory published
2026-06-24
Advisory updated
2026-07-10

Who should care

System administrators and security teams responsible for Linux kernel-based systems should be aware of this vulnerability and take necessary actions to ensure their systems are updated. They should review system logs for potential exploitation attempts and implement additional monitoring and security measures.

Technical summary

The vulnerability was found in the Linux kernel's ksmbd implementation. Specifically, the ksmbd_lookup_fd_cguid() function returns a ksmbd_file with an incremented refcount. In the DURABLE_REQ_V2 case, when an entry exists in the global file table with the same CreateGuid but a different ClientGUID, the code falls through to the new-open path without dropping the reference. This leads to resource leaks and prevents __ksmbd_close_fd() from running for the corresponding files. The issue is resolved by releasing the reference in the mismatch path and clearing dh_info->fp.

Defensive priority

Medium

Recommended defensive actions

  • Update Linux kernel to the latest version
  • Review system logs for potential exploitation attempts
  • Implement additional monitoring and security measures
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.

Evidence notes

The CVE record was published on 2026-06-24T17:17:10.567Z and last modified on 2026-07-10T19:24:19.850Z. The NVD entry is currently Awaiting Analysis. There is limited information available about the specific details of this vulnerability, and further analysis is required to fully understand its impact. The Linux kernel vulnerability involves a durable fd leak on ClientGUID mismatch in durable v2 open. The ksmbd_lookup_fd_cguid() function returns a ksmbd_file with its refcount incremented. However, in cases of ClientGUID mismatch, the reference obtained was not released, leading to resource leaks. The issue has been addressed by releasing the reference in the mismatch path. System administrators and security teams should verify their systems' exposure and apply necessary patches or mitigations.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-24T17:17:10.567Z and has not been modified since then.