CVE-2026-23282
Description
In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix oops due to uninitialised var in smb2_unlink()

If SMB2_open_init() or SMB2_close_init() fails (e.g. reconnect), the iovs set @rqst will be left uninitialised, hence calling SMB2_open_free(), SMB2_close_free() or smb2_set_related() on them will oops.

Fix this by initialising @close_iov and @open_iov before setting them in @rqst.
Mitigations
No mitigations published for this CVE yet.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | | affected | |
| debian | bookworm | fixed | 0 |
| debian | bullseye | fixed | 0 |
| debian | forky | fixed | 6.19.8-1 |
| debian | sid | fixed | 6.19.8-1 |
| debian | trixie | fixed | 0 |
| linux-kernel | | affected | 6.18.17 |
| linux-kernel | 6.17 | affected | |
| linux-kernel | 7.0 | affected | |
References
- https://git.kernel.org/stable/c/048efe129a297256d3c2088cf8d79515ff5ec864
- https://git.kernel.org/stable/c/86163b98891aa9800f6103252e5acc7bb98afb91
- https://git.kernel.org/stable/c/dc710c87af3341554d02d634ada1d2036c49a94a
- https://www.suse.com/security/cve/CVE-2026-23282.html
- https://security-tracker.debian.org/tracker/CVE-2026-23282
CWEs
CWE-908