Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0192
Vulnerability from certfr_avis - Published: 2026-02-20 - Updated: 2026-02-20
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian trixie versions ant\u00e9rieures \u00e0 6.12.73-1",
"product": {
"name": "Debian",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-23198",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23198"
},
{
"name": "CVE-2026-23202",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23202"
},
{
"name": "CVE-2026-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23219"
},
{
"name": "CVE-2026-23199",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23199"
},
{
"name": "CVE-2026-23220",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23220"
},
{
"name": "CVE-2025-71223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71223"
},
{
"name": "CVE-2026-23187",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23187"
},
{
"name": "CVE-2026-23179",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23179"
},
{
"name": "CVE-2026-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23222"
},
{
"name": "CVE-2026-23229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23229"
},
{
"name": "CVE-2026-23209",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23209"
},
{
"name": "CVE-2025-40082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40082"
},
{
"name": "CVE-2025-71235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71235"
},
{
"name": "CVE-2026-23204",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23204"
},
{
"name": "CVE-2026-23230",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23230"
},
{
"name": "CVE-2026-23214",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23214"
},
{
"name": "CVE-2026-23178",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23178"
},
{
"name": "CVE-2026-23228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23228"
},
{
"name": "CVE-2026-23223",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23223"
},
{
"name": "CVE-2026-23191",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23191"
},
{
"name": "CVE-2026-23169",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23169"
},
{
"name": "CVE-2026-23177",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23177"
},
{
"name": "CVE-2025-71220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71220"
},
{
"name": "CVE-2026-23201",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23201"
},
{
"name": "CVE-2026-23180",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23180"
},
{
"name": "CVE-2026-23200",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23200"
},
{
"name": "CVE-2026-23216",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23216"
},
{
"name": "CVE-2025-71225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71225"
},
{
"name": "CVE-2026-23176",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23176"
},
{
"name": "CVE-2025-71203",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71203"
},
{
"name": "CVE-2026-23188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23188"
},
{
"name": "CVE-2025-71228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71228"
},
{
"name": "CVE-2025-71224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71224"
},
{
"name": "CVE-2026-23193",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23193"
},
{
"name": "CVE-2025-71237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71237"
},
{
"name": "CVE-2026-23215",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23215"
},
{
"name": "CVE-2026-23205",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23205"
},
{
"name": "CVE-2025-71222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71222"
},
{
"name": "CVE-2025-71229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71229"
},
{
"name": "CVE-2026-23213",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23213"
},
{
"name": "CVE-2025-71236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71236"
},
{
"name": "CVE-2025-71234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71234"
},
{
"name": "CVE-2025-71232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71232"
},
{
"name": "CVE-2025-71204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71204"
},
{
"name": "CVE-2026-23182",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23182"
},
{
"name": "CVE-2026-23206",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23206"
},
{
"name": "CVE-2025-68823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68823"
},
{
"name": "CVE-2026-23112",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23112"
},
{
"name": "CVE-2026-23190",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23190"
},
{
"name": "CVE-2025-71233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71233"
},
{
"name": "CVE-2026-23224",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23224"
},
{
"name": "CVE-2026-23189",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23189"
},
{
"name": "CVE-2026-23111",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23111"
},
{
"name": "CVE-2025-71231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71231"
}
],
"initial_release_date": "2026-02-20T00:00:00",
"last_revision_date": "2026-02-20T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0192",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"vendor_advisories": [
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-6141-1",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00050.html"
}
]
}
CVE-2026-23224 (GCVE-0-2026-23224)
Vulnerability from cvelistv5 – Published: 2026-02-18 14:53 – Updated: 2026-05-11 22:02
VLAI
EPSS
Title
erofs: fix UAF issue for file-backed mounts w/ directio option
Summary
In the Linux kernel, the following vulnerability has been resolved:
erofs: fix UAF issue for file-backed mounts w/ directio option
[ 9.269940][ T3222] Call trace:
[ 9.269948][ T3222] ext4_file_read_iter+0xac/0x108
[ 9.269979][ T3222] vfs_iocb_iter_read+0xac/0x198
[ 9.269993][ T3222] erofs_fileio_rq_submit+0x12c/0x180
[ 9.270008][ T3222] erofs_fileio_submit_bio+0x14/0x24
[ 9.270030][ T3222] z_erofs_runqueue+0x834/0x8ac
[ 9.270054][ T3222] z_erofs_read_folio+0x120/0x220
[ 9.270083][ T3222] filemap_read_folio+0x60/0x120
[ 9.270102][ T3222] filemap_fault+0xcac/0x1060
[ 9.270119][ T3222] do_pte_missing+0x2d8/0x1554
[ 9.270131][ T3222] handle_mm_fault+0x5ec/0x70c
[ 9.270142][ T3222] do_page_fault+0x178/0x88c
[ 9.270167][ T3222] do_translation_fault+0x38/0x54
[ 9.270183][ T3222] do_mem_abort+0x54/0xac
[ 9.270208][ T3222] el0_da+0x44/0x7c
[ 9.270227][ T3222] el0t_64_sync_handler+0x5c/0xf4
[ 9.270253][ T3222] el0t_64_sync+0x1bc/0x1c0
EROFS may encounter above panic when enabling file-backed mount w/
directio mount option, the root cause is it may suffer UAF in below
race condition:
- z_erofs_read_folio wq s_dio_done_wq
- z_erofs_runqueue
- erofs_fileio_submit_bio
- erofs_fileio_rq_submit
- vfs_iocb_iter_read
- ext4_file_read_iter
- ext4_dio_read_iter
- iomap_dio_rw
: bio was submitted and return -EIOCBQUEUED
- dio_aio_complete_work
- dio_complete
- dio->iocb->ki_complete (erofs_fileio_ki_complete())
- kfree(rq)
: it frees iocb, iocb.ki_filp can be UAF in file_accessed().
- file_accessed
: access NULL file point
Introduce a reference count in struct erofs_fileio_rq, and initialize it
as two, both erofs_fileio_ki_complete() and erofs_fileio_rq_submit() will
decrease reference count, the last one decreasing the reference count
to zero will free rq.
Severity
7.8 (High)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
fb176750266a3d7f42ebdcf28e8ba40350b27847 , < ae385826840a3c8e09bf38cac90adcd690716f57
(git)
Affected: fb176750266a3d7f42ebdcf28e8ba40350b27847 , < d741534302f71c511eb0bb670b92eaa7df4a0aec (git) Affected: fb176750266a3d7f42ebdcf28e8ba40350b27847 , < b2ee5e4d5446babd23ff7beb4e636be0fb3ea5aa (git) Affected: fb176750266a3d7f42ebdcf28e8ba40350b27847 , < 1caf50ce4af096d0280d59a31abdd85703cd995c (git) |
|
| Linux | Linux |
Affected:
6.12
Unaffected: 0 , < 6.12 (semver) Unaffected: 6.12.72 , ≤ 6.12.* (semver) Unaffected: 6.18.11 , ≤ 6.18.* (semver) Unaffected: 6.19.1 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/erofs/fileio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ae385826840a3c8e09bf38cac90adcd690716f57",
"status": "affected",
"version": "fb176750266a3d7f42ebdcf28e8ba40350b27847",
"versionType": "git"
},
{
"lessThan": "d741534302f71c511eb0bb670b92eaa7df4a0aec",
"status": "affected",
"version": "fb176750266a3d7f42ebdcf28e8ba40350b27847",
"versionType": "git"
},
{
"lessThan": "b2ee5e4d5446babd23ff7beb4e636be0fb3ea5aa",
"status": "affected",
"version": "fb176750266a3d7f42ebdcf28e8ba40350b27847",
"versionType": "git"
},
{
"lessThan": "1caf50ce4af096d0280d59a31abdd85703cd995c",
"status": "affected",
"version": "fb176750266a3d7f42ebdcf28e8ba40350b27847",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/erofs/fileio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.12"
},
{
"lessThan": "6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.72",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.72",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.11",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.1",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix UAF issue for file-backed mounts w/ directio option\n\n[ 9.269940][ T3222] Call trace:\n[ 9.269948][ T3222] ext4_file_read_iter+0xac/0x108\n[ 9.269979][ T3222] vfs_iocb_iter_read+0xac/0x198\n[ 9.269993][ T3222] erofs_fileio_rq_submit+0x12c/0x180\n[ 9.270008][ T3222] erofs_fileio_submit_bio+0x14/0x24\n[ 9.270030][ T3222] z_erofs_runqueue+0x834/0x8ac\n[ 9.270054][ T3222] z_erofs_read_folio+0x120/0x220\n[ 9.270083][ T3222] filemap_read_folio+0x60/0x120\n[ 9.270102][ T3222] filemap_fault+0xcac/0x1060\n[ 9.270119][ T3222] do_pte_missing+0x2d8/0x1554\n[ 9.270131][ T3222] handle_mm_fault+0x5ec/0x70c\n[ 9.270142][ T3222] do_page_fault+0x178/0x88c\n[ 9.270167][ T3222] do_translation_fault+0x38/0x54\n[ 9.270183][ T3222] do_mem_abort+0x54/0xac\n[ 9.270208][ T3222] el0_da+0x44/0x7c\n[ 9.270227][ T3222] el0t_64_sync_handler+0x5c/0xf4\n[ 9.270253][ T3222] el0t_64_sync+0x1bc/0x1c0\n\nEROFS may encounter above panic when enabling file-backed mount w/\ndirectio mount option, the root cause is it may suffer UAF in below\nrace condition:\n\n- z_erofs_read_folio wq s_dio_done_wq\n - z_erofs_runqueue\n - erofs_fileio_submit_bio\n - erofs_fileio_rq_submit\n - vfs_iocb_iter_read\n - ext4_file_read_iter\n - ext4_dio_read_iter\n - iomap_dio_rw\n : bio was submitted and return -EIOCBQUEUED\n - dio_aio_complete_work\n - dio_complete\n - dio-\u003eiocb-\u003eki_complete (erofs_fileio_ki_complete())\n - kfree(rq)\n : it frees iocb, iocb.ki_filp can be UAF in file_accessed().\n - file_accessed\n : access NULL file point\n\nIntroduce a reference count in struct erofs_fileio_rq, and initialize it\nas two, both erofs_fileio_ki_complete() and erofs_fileio_rq_submit() will\ndecrease reference count, the last one decreasing the reference count\nto zero will free rq."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:02:43.408Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ae385826840a3c8e09bf38cac90adcd690716f57"
},
{
"url": "https://git.kernel.org/stable/c/d741534302f71c511eb0bb670b92eaa7df4a0aec"
},
{
"url": "https://git.kernel.org/stable/c/b2ee5e4d5446babd23ff7beb4e636be0fb3ea5aa"
},
{
"url": "https://git.kernel.org/stable/c/1caf50ce4af096d0280d59a31abdd85703cd995c"
}
],
"title": "erofs: fix UAF issue for file-backed mounts w/ directio option",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23224",
"datePublished": "2026-02-18T14:53:27.462Z",
"dateReserved": "2026-01-13T15:37:45.987Z",
"dateUpdated": "2026-05-11T22:02:43.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23228 (GCVE-0-2026-23228)
Vulnerability from cvelistv5 – Published: 2026-02-18 14:53 – Updated: 2026-05-23 16:04
VLAI
EPSS
Title
smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()
Summary
In the Linux kernel, the following vulnerability has been resolved:
smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()
On kthread_run() failure in ksmbd_tcp_new_connection(), the transport is
freed via free_transport(), which does not decrement active_num_conn,
leaking this counter.
Replace free_transport() with ksmbd_tcp_disconnect().
Severity
No CVSS data available.
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
4210c3555db4b38bade92331b153e583261f05f9 , < 6dd2645cf080a75be31fa66063c7332b291f46f0
(git)
Affected: d5d7847e57ac69fa99c18b363a34419bcdb5a281 , < 7ddd69cd1338c6197e1b6b19cec60d99c8633e4f (git) Affected: 0d0d4680db22eda1eea785c47bbf66a9b33a8b16 , < 787769c8cc50416af7b8b1a36e6bcd6aaa7680aa (git) Affected: 0d0d4680db22eda1eea785c47bbf66a9b33a8b16 , < baf664fc90a6139a39a58333e4aaa390c10d45dc (git) Affected: 0d0d4680db22eda1eea785c47bbf66a9b33a8b16 , < cd25e0d809531a67e9dd53b19012d27d2b13425f (git) Affected: 0d0d4680db22eda1eea785c47bbf66a9b33a8b16 , < 599271110c35f6b16e2e4e45b9fbd47ed378c982 (git) Affected: 0d0d4680db22eda1eea785c47bbf66a9b33a8b16 , < 77ffbcac4e569566d0092d5f22627dfc0896b553 (git) Affected: 5.15.91 , < 5.15.201 (semver) Affected: 6.1.9 , < 6.1.164 (semver) |
|
| Linux | Linux |
Affected:
6.2
Unaffected: 0 , < 6.2 (semver) Unaffected: 5.15.201 , ≤ 5.15.* (semver) Unaffected: 6.1.164 , ≤ 6.1.* (semver) Unaffected: 6.6.125 , ≤ 6.6.* (semver) Unaffected: 6.12.72 , ≤ 6.12.* (semver) Unaffected: 6.18.11 , ≤ 6.18.* (semver) Unaffected: 6.19.1 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/server/transport_tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6dd2645cf080a75be31fa66063c7332b291f46f0",
"status": "affected",
"version": "4210c3555db4b38bade92331b153e583261f05f9",
"versionType": "git"
},
{
"lessThan": "7ddd69cd1338c6197e1b6b19cec60d99c8633e4f",
"status": "affected",
"version": "d5d7847e57ac69fa99c18b363a34419bcdb5a281",
"versionType": "git"
},
{
"lessThan": "787769c8cc50416af7b8b1a36e6bcd6aaa7680aa",
"status": "affected",
"version": "0d0d4680db22eda1eea785c47bbf66a9b33a8b16",
"versionType": "git"
},
{
"lessThan": "baf664fc90a6139a39a58333e4aaa390c10d45dc",
"status": "affected",
"version": "0d0d4680db22eda1eea785c47bbf66a9b33a8b16",
"versionType": "git"
},
{
"lessThan": "cd25e0d809531a67e9dd53b19012d27d2b13425f",
"status": "affected",
"version": "0d0d4680db22eda1eea785c47bbf66a9b33a8b16",
"versionType": "git"
},
{
"lessThan": "599271110c35f6b16e2e4e45b9fbd47ed378c982",
"status": "affected",
"version": "0d0d4680db22eda1eea785c47bbf66a9b33a8b16",
"versionType": "git"
},
{
"lessThan": "77ffbcac4e569566d0092d5f22627dfc0896b553",
"status": "affected",
"version": "0d0d4680db22eda1eea785c47bbf66a9b33a8b16",
"versionType": "git"
},
{
"lessThan": "5.15.201",
"status": "affected",
"version": "5.15.91",
"versionType": "semver"
},
{
"lessThan": "6.1.164",
"status": "affected",
"version": "6.1.9",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/server/transport_tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.125",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.72",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.201",
"versionStartIncluding": "5.15.91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.164",
"versionStartIncluding": "6.1.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.125",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.72",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.11",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.1",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()\n\nOn kthread_run() failure in ksmbd_tcp_new_connection(), the transport is\nfreed via free_transport(), which does not decrement active_num_conn,\nleaking this counter.\n\nReplace free_transport() with ksmbd_tcp_disconnect()."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:04:17.653Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6dd2645cf080a75be31fa66063c7332b291f46f0"
},
{
"url": "https://git.kernel.org/stable/c/7ddd69cd1338c6197e1b6b19cec60d99c8633e4f"
},
{
"url": "https://git.kernel.org/stable/c/787769c8cc50416af7b8b1a36e6bcd6aaa7680aa"
},
{
"url": "https://git.kernel.org/stable/c/baf664fc90a6139a39a58333e4aaa390c10d45dc"
},
{
"url": "https://git.kernel.org/stable/c/cd25e0d809531a67e9dd53b19012d27d2b13425f"
},
{
"url": "https://git.kernel.org/stable/c/599271110c35f6b16e2e4e45b9fbd47ed378c982"
},
{
"url": "https://git.kernel.org/stable/c/77ffbcac4e569566d0092d5f22627dfc0896b553"
}
],
"title": "smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23228",
"datePublished": "2026-02-18T14:53:31.882Z",
"dateReserved": "2026-01-13T15:37:45.988Z",
"dateUpdated": "2026-05-23T16:04:17.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23229 (GCVE-0-2026-23229)
Vulnerability from cvelistv5 – Published: 2026-02-18 14:53 – Updated: 2026-05-23 16:04
VLAI
EPSS
Title
crypto: virtio - Add spinlock protection with virtqueue notification
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: virtio - Add spinlock protection with virtqueue notification
When VM boots with one virtio-crypto PCI device and builtin backend,
run openssl benchmark command with multiple processes, such as
openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32
openssl processes will hangup and there is error reported like this:
virtio_crypto virtio0: dataq.0:id 3 is not a head!
It seems that the data virtqueue need protection when it is handled
for virtio done notification. If the spinlock protection is added
in virtcrypto_done_task(), openssl benchmark with multiple processes
works well.
Severity
No CVSS data available.
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
0eb69890e86775d178452880ea0d24384c5ccedf , < 552475d0b6cece73a52c0fa5faa0ce45e99df74b
(git)
Affected: 75cba72ddb788a5b9c7ed2139fbb84383df029eb , < 8ee8ccfd60bf17cbdab91069d324b5302f4f3a30 (git) Affected: ae4747dab2eab95a68bb2f6c7e904bff0424e1b1 , < c9e594194795c86ca753ad6ed64c2762e9309d0d (git) Affected: c4c54fce9ec54a59a4ca035af13c2823c76684cc , < d6f0d586808689963e58fd739bed626ff5013b24 (git) Affected: fed93fb62e05c38152b0fc1dc9609639e63eed76 , < c0a0ded3bb7fd45f720faa48449a930153257d3a (git) Affected: fed93fb62e05c38152b0fc1dc9609639e63eed76 , < e69a7b0a71b6561b3b6459f1fded8d589f2e8ac2 (git) Affected: fed93fb62e05c38152b0fc1dc9609639e63eed76 , < 49c57c6c108931a914ed94e3c0ddb974008260a3 (git) Affected: fed93fb62e05c38152b0fc1dc9609639e63eed76 , < b505047ffc8057555900d2d3a005d033e6967382 (git) Affected: 96be18c8fff9d57e29621386e2fa17268383ea27 (git) Affected: 830a4f073f7edd2cc4f30ba95bdc3495d97c2550 (git) Affected: 8862c0d2e47ba1733d9687fe0ff4e02d6e391255 (git) Affected: 5.10.209 , < 5.10.251 (semver) Affected: 5.15.148 , < 5.15.201 (semver) Affected: 6.1.75 , < 6.1.164 (semver) Affected: 6.6.14 , < 6.6.125 (semver) Affected: 4.19.306 , < 4.20 (semver) Affected: 5.4.268 , < 5.5 (semver) Affected: 6.7.2 , < 6.8 (semver) |
|
| Linux | Linux |
Affected:
6.8
Unaffected: 0 , < 6.8 (semver) Unaffected: 5.10.251 , ≤ 5.10.* (semver) Unaffected: 5.15.201 , ≤ 5.15.* (semver) Unaffected: 6.1.164 , ≤ 6.1.* (semver) Unaffected: 6.6.125 , ≤ 6.6.* (semver) Unaffected: 6.12.72 , ≤ 6.12.* (semver) Unaffected: 6.18.11 , ≤ 6.18.* (semver) Unaffected: 6.19.1 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/crypto/virtio/virtio_crypto_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "552475d0b6cece73a52c0fa5faa0ce45e99df74b",
"status": "affected",
"version": "0eb69890e86775d178452880ea0d24384c5ccedf",
"versionType": "git"
},
{
"lessThan": "8ee8ccfd60bf17cbdab91069d324b5302f4f3a30",
"status": "affected",
"version": "75cba72ddb788a5b9c7ed2139fbb84383df029eb",
"versionType": "git"
},
{
"lessThan": "c9e594194795c86ca753ad6ed64c2762e9309d0d",
"status": "affected",
"version": "ae4747dab2eab95a68bb2f6c7e904bff0424e1b1",
"versionType": "git"
},
{
"lessThan": "d6f0d586808689963e58fd739bed626ff5013b24",
"status": "affected",
"version": "c4c54fce9ec54a59a4ca035af13c2823c76684cc",
"versionType": "git"
},
{
"lessThan": "c0a0ded3bb7fd45f720faa48449a930153257d3a",
"status": "affected",
"version": "fed93fb62e05c38152b0fc1dc9609639e63eed76",
"versionType": "git"
},
{
"lessThan": "e69a7b0a71b6561b3b6459f1fded8d589f2e8ac2",
"status": "affected",
"version": "fed93fb62e05c38152b0fc1dc9609639e63eed76",
"versionType": "git"
},
{
"lessThan": "49c57c6c108931a914ed94e3c0ddb974008260a3",
"status": "affected",
"version": "fed93fb62e05c38152b0fc1dc9609639e63eed76",
"versionType": "git"
},
{
"lessThan": "b505047ffc8057555900d2d3a005d033e6967382",
"status": "affected",
"version": "fed93fb62e05c38152b0fc1dc9609639e63eed76",
"versionType": "git"
},
{
"status": "affected",
"version": "96be18c8fff9d57e29621386e2fa17268383ea27",
"versionType": "git"
},
{
"status": "affected",
"version": "830a4f073f7edd2cc4f30ba95bdc3495d97c2550",
"versionType": "git"
},
{
"status": "affected",
"version": "8862c0d2e47ba1733d9687fe0ff4e02d6e391255",
"versionType": "git"
},
{
"lessThan": "5.10.251",
"status": "affected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThan": "5.15.201",
"status": "affected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThan": "6.1.164",
"status": "affected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThan": "6.6.125",
"status": "affected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThan": "4.20",
"status": "affected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThan": "5.5",
"status": "affected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThan": "6.8",
"status": "affected",
"version": "6.7.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/crypto/virtio/virtio_crypto_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.251",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.125",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.72",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.251",
"versionStartIncluding": "5.10.209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.201",
"versionStartIncluding": "5.15.148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.164",
"versionStartIncluding": "6.1.75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.125",
"versionStartIncluding": "6.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.72",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.11",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.1",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: virtio - Add spinlock protection with virtqueue notification\n\nWhen VM boots with one virtio-crypto PCI device and builtin backend,\nrun openssl benchmark command with multiple processes, such as\n openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32\n\nopenssl processes will hangup and there is error reported like this:\n virtio_crypto virtio0: dataq.0:id 3 is not a head!\n\nIt seems that the data virtqueue need protection when it is handled\nfor virtio done notification. If the spinlock protection is added\nin virtcrypto_done_task(), openssl benchmark with multiple processes\nworks well."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:04:18.715Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/552475d0b6cece73a52c0fa5faa0ce45e99df74b"
},
{
"url": "https://git.kernel.org/stable/c/8ee8ccfd60bf17cbdab91069d324b5302f4f3a30"
},
{
"url": "https://git.kernel.org/stable/c/c9e594194795c86ca753ad6ed64c2762e9309d0d"
},
{
"url": "https://git.kernel.org/stable/c/d6f0d586808689963e58fd739bed626ff5013b24"
},
{
"url": "https://git.kernel.org/stable/c/c0a0ded3bb7fd45f720faa48449a930153257d3a"
},
{
"url": "https://git.kernel.org/stable/c/e69a7b0a71b6561b3b6459f1fded8d589f2e8ac2"
},
{
"url": "https://git.kernel.org/stable/c/49c57c6c108931a914ed94e3c0ddb974008260a3"
},
{
"url": "https://git.kernel.org/stable/c/b505047ffc8057555900d2d3a005d033e6967382"
}
],
"title": "crypto: virtio - Add spinlock protection with virtqueue notification",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23229",
"datePublished": "2026-02-18T14:53:33.015Z",
"dateReserved": "2026-01-13T15:37:45.988Z",
"dateUpdated": "2026-05-23T16:04:18.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23230 (GCVE-0-2026-23230)
Vulnerability from cvelistv5 – Published: 2026-02-18 14:53 – Updated: 2026-05-11 22:02
VLAI
EPSS
Title
smb: client: split cached_fid bitfields to avoid shared-byte RMW races
Summary
In the Linux kernel, the following vulnerability has been resolved:
smb: client: split cached_fid bitfields to avoid shared-byte RMW races
is_open, has_lease and on_list are stored in the same bitfield byte in
struct cached_fid but are updated in different code paths that may run
concurrently. Bitfield assignments generate byte read–modify–write
operations (e.g. `orb $mask, addr` on x86_64), so updating one flag can
restore stale values of the others.
A possible interleaving is:
CPU1: load old byte (has_lease=1, on_list=1)
CPU2: clear both flags (store 0)
CPU1: RMW store (old | IS_OPEN) -> reintroduces cleared bits
To avoid this class of races, convert these flags to separate bool
fields.
Severity
8.8 (High)
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
ebe98f1447bbccf8228335c62d86af02a0ed23f7 , < 569fecc56bfe4df66f05734d67daef887746656b
(git)
Affected: ebe98f1447bbccf8228335c62d86af02a0ed23f7 , < 4386f6af8aaedd0c5ad6f659b40cadcc8f423828 (git) Affected: ebe98f1447bbccf8228335c62d86af02a0ed23f7 , < 3eaa22d688311c708b73f3c68bc6d0c8e3f0f77a (git) Affected: ebe98f1447bbccf8228335c62d86af02a0ed23f7 , < c4b9edd55987384a1f201d3d07ff71e448d79c1b (git) Affected: ebe98f1447bbccf8228335c62d86af02a0ed23f7 , < 4cfa4c37dcbcfd70866e856200ed8a2894cac578 (git) Affected: ebe98f1447bbccf8228335c62d86af02a0ed23f7 , < ec306600d5ba7148c9dbf8f5a8f1f5c1a044a241 (git) |
|
| Linux | Linux |
Affected:
6.1
Unaffected: 0 , < 6.1 (semver) Unaffected: 6.1.164 , ≤ 6.1.* (semver) Unaffected: 6.6.125 , ≤ 6.6.* (semver) Unaffected: 6.12.72 , ≤ 6.12.* (semver) Unaffected: 6.18.11 , ≤ 6.18.* (semver) Unaffected: 6.19.1 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/client/cached_dir.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "569fecc56bfe4df66f05734d67daef887746656b",
"status": "affected",
"version": "ebe98f1447bbccf8228335c62d86af02a0ed23f7",
"versionType": "git"
},
{
"lessThan": "4386f6af8aaedd0c5ad6f659b40cadcc8f423828",
"status": "affected",
"version": "ebe98f1447bbccf8228335c62d86af02a0ed23f7",
"versionType": "git"
},
{
"lessThan": "3eaa22d688311c708b73f3c68bc6d0c8e3f0f77a",
"status": "affected",
"version": "ebe98f1447bbccf8228335c62d86af02a0ed23f7",
"versionType": "git"
},
{
"lessThan": "c4b9edd55987384a1f201d3d07ff71e448d79c1b",
"status": "affected",
"version": "ebe98f1447bbccf8228335c62d86af02a0ed23f7",
"versionType": "git"
},
{
"lessThan": "4cfa4c37dcbcfd70866e856200ed8a2894cac578",
"status": "affected",
"version": "ebe98f1447bbccf8228335c62d86af02a0ed23f7",
"versionType": "git"
},
{
"lessThan": "ec306600d5ba7148c9dbf8f5a8f1f5c1a044a241",
"status": "affected",
"version": "ebe98f1447bbccf8228335c62d86af02a0ed23f7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/client/cached_dir.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.125",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.72",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.164",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.125",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.72",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.11",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.1",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: split cached_fid bitfields to avoid shared-byte RMW races\n\nis_open, has_lease and on_list are stored in the same bitfield byte in\nstruct cached_fid but are updated in different code paths that may run\nconcurrently. Bitfield assignments generate byte read\u2013modify\u2013write\noperations (e.g. `orb $mask, addr` on x86_64), so updating one flag can\nrestore stale values of the others.\n\nA possible interleaving is:\n CPU1: load old byte (has_lease=1, on_list=1)\n CPU2: clear both flags (store 0)\n CPU1: RMW store (old | IS_OPEN) -\u003e reintroduces cleared bits\n\nTo avoid this class of races, convert these flags to separate bool\nfields."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:02:50.386Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/569fecc56bfe4df66f05734d67daef887746656b"
},
{
"url": "https://git.kernel.org/stable/c/4386f6af8aaedd0c5ad6f659b40cadcc8f423828"
},
{
"url": "https://git.kernel.org/stable/c/3eaa22d688311c708b73f3c68bc6d0c8e3f0f77a"
},
{
"url": "https://git.kernel.org/stable/c/c4b9edd55987384a1f201d3d07ff71e448d79c1b"
},
{
"url": "https://git.kernel.org/stable/c/4cfa4c37dcbcfd70866e856200ed8a2894cac578"
},
{
"url": "https://git.kernel.org/stable/c/ec306600d5ba7148c9dbf8f5a8f1f5c1a044a241"
}
],
"title": "smb: client: split cached_fid bitfields to avoid shared-byte RMW races",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23230",
"datePublished": "2026-02-18T14:53:34.078Z",
"dateReserved": "2026-01-13T15:37:45.988Z",
"dateUpdated": "2026-05-11T22:02:50.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…