SB20260406108 - Use-after-free in Linux kernel smb server

Published: April 6, 2026

Security Bulletin ID: SB20260406108
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Use-after-free (CVE-ID: CVE-2026-23427)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to use-after-free in parse_durable_handle_context() when handling a DURABLE_REQ_V2 context with SMB2_FLAGS_REPLAY_OPERATION. A remote attacker can send a specially crafted replay request to cause a denial of service.

The issue occurs during durable v2 replay of an active file handle: the handle's stored connection pointer can be overwritten with the replaying connection and is dereferenced later, after that connection has been freed.
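The bug class described above, a stored per-handle connection pointer that is overwritten on replay and then outlives the object it points to, can be illustrated with a small lifetime model. The following is an added example, not ksmbd code and not the kernel's actual fix: the struct names, the reference-count scheme and the scenario are assumptions made for illustration. It contrasts a replay that overwrites the pointer without taking ownership with one that holds a reference for as long as the pointer is stored, and reports what a later use of the handle would observe in each case.

```c
#include <stdio.h>

/*
 * Constructed model of the lifetime problem described in the bulletin.
 * Not ksmbd code: struct names, the refcount scheme and the scenario
 * are assumptions for illustration only.
 */
struct conn {
    int id;
    int refcount;   /* number of owners keeping this connection alive */
    int freed;      /* stands in for kfree(): set when the last reference drops */
};

struct file_handle {
    struct conn *conn;   /* connection the handle is currently bound to */
};

static void conn_get(struct conn *c) { c->refcount++; }

static void conn_put(struct conn *c)
{
    if (--c->refcount == 0)
        c->freed = 1;   /* real code would release the memory here */
}

/* Buggy shape: the pointer is overwritten without taking ownership. */
static void replay_unsafe(struct file_handle *fp, struct conn *new_conn)
{
    fp->conn = new_conn;
}

/* Hardened shape: hold a reference for as long as the pointer is stored. */
static void replay_safe(struct file_handle *fp, struct conn *new_conn)
{
    struct conn *old = fp->conn;
    conn_get(new_conn);
    fp->conn = new_conn;
    if (old)
        conn_put(old);
}

/* Later use of the handle; returns -1 if it would touch a freed connection. */
static int handle_use(const struct file_handle *fp)
{
    if (fp->conn->freed)
        return -1;
    return fp->conn->id;
}

/* Returns what handle_use() sees after the replaying connection is torn down. */
int run_scenario(int hardened)
{
    struct conn a = { .id = 1, .refcount = 1 };   /* original session owns a */
    struct conn b = { .id = 2, .refcount = 1 };   /* replaying session owns b */
    struct file_handle fp = { 0 };
    int result;

    conn_get(&a);        /* open: the handle binds to a and takes its own reference */
    fp.conn = &a;

    if (hardened)
        replay_safe(&fp, &b);
    else
        replay_unsafe(&fp, &b);

    conn_put(&b);        /* replaying session disconnects and drops its reference */

    result = handle_use(&fp);   /* unsafe: b is gone; hardened: the handle still holds b */

    if (hardened)
        conn_put(fp.conn);      /* close: the handle releases b */
    else
        conn_put(&a);           /* close: the buggy replay never released the handle's reference on a */
    conn_put(&a);               /* original session disconnects */
    return result;
}

int main(void)
{
    printf("unsafe replay: %d\n", run_scenario(0));
    printf("hardened replay: %d\n", run_scenario(1));
    return 0;
}
```

In the unsafe path the handle's pointer is left dangling as soon as the replaying connection drops its own reference, which is the condition a later dereference turns into a use-after-free; in the hardened path the handle's reference keeps the connection alive until the handle itself is closed. The `freed` flag is only a way to make the dangling state observable in the model; in real kernel memory there is no such marker, which is why this class of bug surfaces as a crash.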


Remediation

Install the update from the vendor's website.