EUVD-2026-15204
GHSA-xc6w-xcgh-jjhw
Lifecycle Timeline
4Description
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix oops due to uninitialised var in smb2_unlink() If SMB2_open_init() or SMB2_close_init() fails (e.g. reconnect), the iovs set @rqst will be left uninitialised, hence calling SMB2_open_free(), SMB2_close_free() or smb2_set_related() on them will oops. Fix this by initialising @close_iov and @open_iov before setting them in @rqst.
Analysis
An uninitialized variable vulnerability exists in the Linux kernel's SMB2 client implementation within the smb2_unlink() function, where failure of SMB2_open_init() or SMB2_close_init() operations (such as during reconnection) leaves iovs structures uninitialized. If subsequent cleanup functions like SMB2_open_free(), SMB2_close_free(), or smb2_set_related() attempt to operate on these uninitialized structures, the kernel will oops (crash), resulting in a denial of service condition affecting all Linux distributions and versions using affected kernel code.
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
Vendor Status
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | not-affected | - | - |
| bullseye (security) | fixed | 5.10.251-1 | - |
| bookworm | not-affected | - | - |
| bookworm (security) | fixed | 6.1.164-1 | - |
| trixie | not-affected | - | - |
| trixie (security) | fixed | 6.12.74-2 | - |
| forky, sid | fixed | 6.19.8-1 | - |
| (unstable) | fixed | 6.19.8-1 | - |
Share
External POC / Exploit Code
Leaving vuln.today