Skip to main content

Linux CVE-2026-23230

HIGH
2026-02-18 416baaa9-dc9f-4396-8d5f-8c081fb06d67
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
6.3 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch released
Apr 09, 2026 - 20:30 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 18, 2026 - 16:22 nvd
HIGH 8.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

smb: client: split cached_fid bitfields to avoid shared-byte RMW races

is_open, has_lease and on_list are stored in the same bitfield byte in struct cached_fid but are updated in different code paths that may run concurrently. Bitfield assignments generate byte read-modify-write operations (e.g. orb $mask, addr on x86_64), so updating one flag can restore stale values of the others.

A possible interleaving is: CPU1: load old byte (has_lease=1, on_list=1) CPU2: clear both flags (store 0) CPU1: RMW store (old | IS_OPEN) -> reintroduces cleared bits

To avoid this class of races, convert these flags to separate bool fields.

AnalysisAI

Linux kernel SMB client denial of service vulnerability caused by concurrent bitfield updates in the cached_fid structure that can corrupt flag states through read-modify-write races. A local attacker with standard privileges can trigger this race condition to cause availability disruptions by forcing inconsistent flag states in cached file handle management. No patch is currently available for this medium-severity issue.

Technical ContextAI

In the Linux kernel, the following vulnerability has been resolved:

smb: client: split cached_fid bitfields to avoid shared-byte RMW races

is_open, has_lease and on_list are stored in the same bitfield byte in struct cached_fid but are updated in different code paths that may run concurrently. Bitfield assignments generate byte read–modify–write operations (e.g. orb $mask, addr on x86_64), so updating one flag can restore stale values of the others.

A possible interleaving is: CPU1: loa

RemediationAI

Monitor vendor advisories for a patch.

Vendor StatusVendor

SUSE

Severity: High
Product Status
Container suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.67 Container suse/sl-micro/6.1/base-os-container:2.2.1-5.89 Container suse/sl-micro/6.1/kvm-os-container:2.2.1-5.92 Container suse/sl-micro/6.1/rt-os-container:2.2.1-5.81 Affected
Image SL-Micro-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-Azure-ltd Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-EC2-llc Image SUSE-Multi-Linux-Manager-Server-EC2-ltd Affected
SUSE Linux Enterprise High Availability Extension 16.0 Fixed
SUSE Linux Enterprise Server 16.0 Fixed
SUSE Linux Enterprise Server for SAP applications 16.0 Fixed

Share

CVE-2026-23230 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy