{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-45972","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-13T15:03:33.090Z","datePublished":"2026-05-27T12:18:31.500Z","dateUpdated":"2026-06-30T12:10:16.170Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-30T10:46:21.265Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF and double free in smb2_open_file()\n\nZero out @err_iov and @err_buftype before retrying SMB2_open() to\nprevent an UAF bug if @data != NULL, otherwise a double free."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/smb/client/smb2file.c"],"versions":[{"version":"743f70406264348c0830f38409eb6c40a42fb2db","lessThan":"96e53bb3ee2f354cf6b4ab07bcc56e500f8b3f74","status":"affected","versionType":"git"},{"version":"3a6d6b332f92990958602c1e35ce0173e2dd62e9","lessThan":"7425453ea16dbc3bbb0f6cac4d60b537e5e4d151","status":"affected","versionType":"git"},{"version":"b64e3b5d8d759dd4333992e4ba4dadf9359952c8","lessThan":"4d339b219004869e96c4ce56b8891f83a38da4c0","status":"affected","versionType":"git"},{"version":"9ee608a64e37cea5b4b13e436c559dd0fb2ad1b5","lessThan":"e66dcf7bb9c4df5582c82bc3582725abcbfbea73","status":"affected","versionType":"git"},{"version":"e3a43633023e3cacaca60d4b8972d084a2b06236","lessThan":"639deb962986ef2f5e2a6d5a600c66f922471e81","status":"affected","versionType":"git"},{"version":"e3a43633023e3cacaca60d4b8972d084a2b06236","lessThan":"ebbbc4bfad4cb355d17c671223d0814ee3ef4eda","status":"affected","versionType":"git"},{"version":"6.1.163","lessThan":"6.1.165","status":"affected","versionType":"semver"},{"version":"6.6.124","lessThan":"6.6.128","status":"affected","versionType":"semver"},{"version":"6.12.70","lessThan":"6.12.75","status":"affected","versionType":"semver"},{"version":"6.18.10","lessThan":"6.18.14","status":"affected","versionType":"semver"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/smb/client/smb2file.c"],"versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","status":"unaffected","versionType":"semver"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.163","versionEndExcluding":"6.1.165"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.124","versionEndExcluding":"6.6.128"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.70","versionEndExcluding":"6.12.75"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.10","versionEndExcluding":"6.18.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/96e53bb3ee2f354cf6b4ab07bcc56e500f8b3f74"},{"url":"https://git.kernel.org/stable/c/7425453ea16dbc3bbb0f6cac4d60b537e5e4d151"},{"url":"https://git.kernel.org/stable/c/4d339b219004869e96c4ce56b8891f83a38da4c0"},{"url":"https://git.kernel.org/stable/c/e66dcf7bb9c4df5582c82bc3582725abcbfbea73"},{"url":"https://git.kernel.org/stable/c/639deb962986ef2f5e2a6d5a600c66f922471e81"},{"url":"https://git.kernel.org/stable/c/ebbbc4bfad4cb355d17c671223d0814ee3ef4eda"}],"title":"smb: client: fix potential UAF and double free in smb2_open_file()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"affected":[{"cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"}],"datePublic":"2026-05-27T00:00:00.000Z","descriptions":[{"lang":"en","value":"A flaw was found in the Linux kernel's Server Message Block (SMB) client. This vulnerability, within the `smb2_open_file()` function, could allow an attacker to cause memory corruption due to improper handling of memory during file open operations. This could lead to system instability or potentially enable an attacker to execute arbitrary code."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-825","description":"Expired Pointer Dereference","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-45972"},{"name":"RHBZ#2481973","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2481973"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45972.json"}],"timeline":[{"lang":"en","time":"2026-05-27T00:00:00.000Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-05-27T00:00:00.000Z","value":"Made public."}],"title":"kernel: smb: client: fix potential UAF and double free in smb2_open_file()","x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-06-30T12:10:16.170Z"}}]}}