Skip to main content

Linux EUVDEUVD-2026-15204

| CVE-2026-23282 MEDIUM
Use of Uninitialized Resource (CWE-908)
2026-03-25 Linux GHSA-xc6w-xcgh-jjhw
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
May 22, 2026 - 00:37 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15204
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:26 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix oops due to uninitialised var in smb2_unlink()

If SMB2_open_init() or SMB2_close_init() fails (e.g. reconnect), the iovs set @rqst will be left uninitialised, hence calling SMB2_open_free(), SMB2_close_free() or smb2_set_related() on them will oops.

Fix this by initialising @close_iov and @open_iov before setting them in @rqst.

AnalysisAI

An uninitialized variable vulnerability exists in the Linux kernel's SMB2 client implementation within the smb2_unlink() function, where failure of SMB2_open_init() or SMB2_close_init() operations (such as during reconnection) leaves iovs structures uninitialized. If subsequent cleanup functions like SMB2_open_free(), SMB2_close_free(), or smb2_set_related() attempt to operate on these uninitialized structures, the kernel will oops (crash), resulting in a denial of service condition affecting all Linux distributions and versions using affected kernel code.

Technical ContextAI

The vulnerability resides in the Linux kernel's CIFS/SMB2 client implementation (cpe:2.3:a:linux:linux), specifically in the file handling routines for SMB protocol operations. The root cause is an uninitialized local variable (CWE-456: Missing Initialization with Hard-Coded Network Resource Configuration Elements, or similar uninitialized variable class) in the smb2_unlink() function. When SMB2_open_init() or SMB2_close_init() fails during network reconnection scenarios, the @open_iov and @close_iov variables remain uninitialized but are subsequently passed to cleanup and utility functions (@rqst structures). These cleanup operations dereference memory that was never properly initialized, leading to kernel panic. The SMB2 protocol implementation is critical infrastructure for Windows file share access on Linux systems.

RemediationAI

Apply the latest stable kernel update from your Linux distribution vendor, which includes the patches from kernel commits 86163b98891aa9800f6103252e5acc7bb98afb91 or later. For most distributions, run your standard update command (apt-get update && apt-get upgrade on Debian/Ubuntu, yum update on RHEL/CentOS, zypper update on SUSE). After patching, reboot to load the updated kernel. Until patching is possible, reduce exposure by disabling SMB2 client mounting (umount any SMB shares) if not critical to operations, restricting network access to SMB ports (139, 445) via firewall rules, or isolating systems requiring SMB access to dedicated network segments. Check your vendor security advisory for specific kernel version numbers that include the fix.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye not-affected - -
bullseye (security) fixed 5.10.251-1 -
bookworm not-affected - -
bookworm (security) fixed 6.1.164-1 -
trixie not-affected - -
trixie (security) fixed 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-15204 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy