SB20260406108 - Use-after-free in Linux kernel smb server



SB20260406108 - Use-after-free in Linux kernel smb server

Published: April 6, 2026

Security Bulletin ID SB20260406108
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Use-after-free (CVE-ID: CVE-2026-23427)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to use-after-free in parse_durable_handle_context() when handling a DURABLE_REQ_V2 context with SMB2_FLAGS_REPLAY_OPERATION. A remote attacker can send a specially crafted replay request to cause a denial of service.

The issue occurs during durable v2 replay of active file handles because an active file handle connection pointer can be overwritten and later dereferenced after the overwriting connection is freed.


Remediation

Install update from vendor's website.