Improper resource shutdown or release in Linux kernel - CVE-2026-52996
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote user to cause a denial of service.
The vulnerability exists due to improper resource shutdown or release in parse_durable_handle_context() in the ksmbd SMB server durable handle processing when handling durable v2 open requests with a matching CreateGuid but mismatched ClientGUID. A remote user can send specially crafted durable reconnect requests to cause a denial of service.
Repeated mismatch requests can pin global file table entries and prevent file cleanup for the corresponding files.
How to mitigate CVE-2026-52996
Sources
- https://git.kernel.org/stable/c/06f709d0e531f3e54d88665dd426be3998a774e6
- https://git.kernel.org/stable/c/407b6e699ba8b45b72cc265eed8a1bc8a7191609
- https://git.kernel.org/stable/c/804054d19886ac6628883d82410f6ee42a818664
- https://git.kernel.org/stable/c/8c4a0ef19c8264c150833131af34541495832cd0
- https://git.kernel.org/stable/c/f31beef633fbf2b5af7805fa187a10bcff1d4b49