CVE Alert

CVE-2026-46155

CRITICAL 9.1

smb/client: fix out-of-bounds read in smb2_compound_op()

CVSS Score: 9.1
EPSS Score: 0.0%
EPSS Percentile: 0th

In the Linux kernel, the following vulnerability has been resolved:

smb/client: fix out-of-bounds read in smb2_compound_op()

If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, check_wsl_eas() returns success without validating that the entire OutputBufferLength fits within iov_len.

Then smb2_compound_op() does:

    memcpy(idata->wsl.eas, data[0], size[0]);

Where size[0] is OutputBufferLength. If iov_len is smaller than size[0], memcpy can read beyond the end of the rsp_iov allocation and leak adjacent kernel heap memory.
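An added example, not the kernel's code or the upstream patch: a userspace C model of the check the description says was missing, where a list walk that ends early succeeds but the declared length must still be validated against the bytes received. The names walk_eas, copy_eas_checked and sample_rsp are hypothetical, and the 8-byte entry header (FILE_FULL_EA_INFORMATION layout) is an assumption of this model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EA_HDR 8u /* assumed: NextEntryOffset(4) Flags(1) NameLen(1) ValueLen(2) */

/* Constructed sample: one 16-byte EA entry; NextEntryOffset = 0 ends the list. */
static const uint8_t sample_rsp[16] = { 0, 0, 0, 0, 0, 3, 4, 0,
                                        'a', 'b', 'c', 0, 1, 2, 3, 4 };

static uint32_t le32(const uint8_t *p)
{
    return p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hypothetical list walk: returns 0 once the list terminates inside avail bytes. */
int walk_eas(const uint8_t *ea, size_t avail)
{
    for (size_t off = 0;;) {
        if (avail - off < EA_HDR)
            return -EINVAL;
        uint32_t next = le32(ea + off);
        size_t need = EA_HDR + ea[off + 5] + 1u + (ea[off + 6] | ((size_t)ea[off + 7] << 8));
        if (need > avail - off)
            return -EINVAL;
        if (next == 0)
            return 0; /* early end: proves nothing about the bytes after it */
        if (next < need || next > avail - off)
            return -EINVAL;
        off += next;
    }
}

/* Hardened copy: out_len (declared OutputBufferLength) must fit within iov_len. */
int copy_eas_checked(const uint8_t *rsp, size_t iov_len, size_t out_off,
                     size_t out_len, uint8_t *dst, size_t dst_cap)
{
    if (out_off > iov_len || out_len > iov_len - out_off)
        return -EINVAL; /* declared length exceeds the bytes received */
    if (out_len > dst_cap)
        return -E2BIG;
    if (walk_eas(rsp + out_off, out_len))
        return -EINVAL;
    memcpy(dst, rsp + out_off, out_len);
    return 0;
}

int main(void) { uint8_t d[16]; return copy_eas_checked(sample_rsp, 16, 0, 4096, d, sizeof d) != -EINVAL; }
```

On the constructed sample the list walk alone succeeds, while a declared length of 4096 against 16 received bytes is rejected before any copy.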

Vendor: linux
Product: linux
Ecosystems
Industries: Technology
Published: May 28, 2026
Last Updated: May 30, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High

Affected Versions

Linux / Linux
7449d736bbbd160c76b01b8fcdf72f58a8757d4b < dffb44b2e06a2908e249f0f93156fc987eee1d1c
ea41367b2a602f602ea6594fc4a310520dcc64f4 < 9b3af35645ff9cd334edc130249f9a2fb2bea25f
ea41367b2a602f602ea6594fc4a310520dcc64f4 < 512d33bc8ea4ea5c19728ee118715f4b1f4d1926
ea41367b2a602f602ea6594fc4a310520dcc64f4 < a16f70a71be4b5a4eccf39a9bf09b47285f4cb7c
ea41367b2a602f602ea6594fc4a310520dcc64f4 < 8d09328dfda089675e4c049f3f256064a1d1996b
6.6.32 < 6.6.140
Linux / Linux
6.9

References

git.kernel.org: https://git.kernel.org/stable/c/dffb44b2e06a2908e249f0f93156fc987eee1d1c
git.kernel.org: https://git.kernel.org/stable/c/9b3af35645ff9cd334edc130249f9a2fb2bea25f
git.kernel.org: https://git.kernel.org/stable/c/512d33bc8ea4ea5c19728ee118715f4b1f4d1926
git.kernel.org: https://git.kernel.org/stable/c/a16f70a71be4b5a4eccf39a9bf09b47285f4cb7c
git.kernel.org: https://git.kernel.org/stable/c/8d09328dfda089675e4c049f3f256064a1d1996b