SB20260625188 - Improper resource shutdown or release in Linux kernel smb server
Published: June 25, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Improper resource shutdown or release (CVE-ID: CVE-2026-52996)
CWE-ID: CWE-404 - Improper Resource Shutdown or Release
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to cause a denial of service.
The vulnerability exists due to improper resource shutdown or release in parse_durable_handle_context(), part of durable handle processing in the ksmbd SMB server, when it handles durable v2 open requests that carry a matching CreateGuid but a mismatched ClientGUID. A remote user can send specially crafted durable reconnect requests to cause a denial of service.
Repeated mismatch requests can pin global file table entries and prevent file cleanup for the corresponding files.
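The pinning described above is what a reference taken during the CreateGuid lookup and not dropped on the ClientGUID mismatch path would produce. The simplified C model below is an added illustration, not ksmbd source or the upstream patch: the struct, the function names and the GUID bytes are constructed, and the reference-count mechanism itself is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, NOT ksmbd source; every name here is hypothetical. */
struct file_entry {
    unsigned char create_guid[16], client_guid[16];
    int refcount;                       /* 1 = held by the global table only */
};

/* Lookup by CreateGuid; a hit takes a reference the caller must release. */
static struct file_entry *lookup_get(struct file_entry *t, size_t n,
                                     const unsigned char *create_guid)
{
    for (size_t i = 0; i < n; i++)
        if (!memcmp(t[i].create_guid, create_guid, 16)) {
            t[i].refcount++;
            return &t[i];
        }
    return NULL;
}

/* fixed == 0: the ClientGUID mismatch path returns with the reference held.
 * fixed == 1: the mismatch path drops the reference before returning. */
static int reconnect(struct file_entry *t, size_t n, const unsigned char *cg,
                     const unsigned char *client, int fixed)
{
    struct file_entry *e = lookup_get(t, n, cg);
    if (!e) return -1;                  /* no such durable handle */
    if (memcmp(e->client_guid, client, 16)) {
        if (fixed)
            e->refcount--;              /* release on the error path */
        return -2;                      /* reject: wrong client */
    }
    e->refcount--;                      /* model only: request finished */
    return 0;
}

/* Refcount of one entry after `tries` mismatched reconnects (constructed GUIDs). */
static int refs_after_mismatches(int fixed, int tries)
{
    struct file_entry t[1] = {{ {1}, {2}, 1 }};
    unsigned char cg[16] = {1}, wrong[16] = {9};
    for (int i = 0; i < tries; i++)
        reconnect(t, 1, cg, wrong, fixed);
    return t[0].refcount;
}

int main(void)
{
    printf("leaky: %d  fixed: %d\n", refs_after_mismatches(0, 5), refs_after_mismatches(1, 5));
    return 0;
}
```

In the leaky variant the count grows by one per rejected request and never returns to the table-only value, so the entry can never be freed; in the corrected variant it stays at 1.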
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/06f709d0e531f3e54d88665dd426be3998a774e6
- https://git.kernel.org/stable/c/407b6e699ba8b45b72cc265eed8a1bc8a7191609
- https://git.kernel.org/stable/c/804054d19886ac6628883d82410f6ee42a818664
- https://git.kernel.org/stable/c/8c4a0ef19c8264c150833131af34541495832cd0
- https://git.kernel.org/stable/c/f31beef633fbf2b5af7805fa187a10bcff1d4b49