SB20260625126 - Use-after-free in Linux kernel smb server
Published: June 25, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Use-after-free (CVE-ID: CVE-2026-53046)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to cause a denial of service.
The vulnerability exists due to use-after-free in ksmbd_crypt_message() when handling SMB encryption requests with an asynchronous hardware crypto engine. A remote user can send a crafted SMB request to cause a denial of service.
Exploitation requires the ksmbd server to use an asynchronous crypto engine such as the Qualcomm Crypto Engine.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/3e298897f41c61450c2e7a4f457e8b2485eb35b3
- https://git.kernel.org/stable/c/57b47231055b431ed0a1a55f33cac32981564405
- https://git.kernel.org/stable/c/7164b3953cefd540e7ebca828c793bc6869cfbc4
- https://git.kernel.org/stable/c/8ef183216feaa24b66b940510d8b68f680eb56e9
- https://git.kernel.org/stable/c/8fcefe840fa8c14ce667768e5b043286ac3bbcbe
- https://git.kernel.org/stable/c/b46aa129fa2807bfe1545fe74d9295d53c51520b
- https://git.kernel.org/stable/c/cc2da381875d4a67026e4c8feb3dba51a2a2d1bc