CVE-2026-23205

CWE-401Memory LeakCWE-7727 documents7 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 94.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux LinuxLinux Linux Kernel
Timeline
PublishedFeb 14

Description

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix memory leak in smb2_open_file() Reproducer: 1. server: directories are exported read-only 2. client: mount -t cifs //${server_ip}/export /mnt 3. client: dd if=/dev/zero of=/mnt/file bs=512 count=1000 oflag=direct 4. client: umount /mnt 5. client: sleep 1 6. client: modprobe -r cifs The error message is as follows: BUG cifs_small_rq (Not tainted): Objects remaining on __kmem_cache_shutdown() Object 0x0000000

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel6.1.1416.1.163+4
CVEListV5linux/linux17e53a15e64b65623b8f2b1185d27d7b1cbf69ab743f70406264348c0830f38409eb6c40a42fb2db+6
Debianlinux< 6.1.164-1+2
Debianlinux-6.1< 6.1.164-1~deb11u1

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
GHSA
GHSA-9rcv-5g2j-597r: In the Linux kernel, the following vulnerability has been resolved: smb/client: fix memory leak in smb2_open_file() Reproducer: 12026-02-14
CVEList
smb/client: fix memory leak in smb2_open_file()2026-02-14
OSV
CVE-2026-23205: In the Linux kernel, the following vulnerability has been resolved: smb/client: fix memory leak in smb2_open_file() Reproducer: 12026-02-14

📋Vendor Advisories

2
Red Hat
kernel: smb/client: fix memory leak in smb2_open_file()2026-02-14
Debian
CVE-2026-23205: linux - In the Linux kernel, the following vulnerability has been resolved: smb/client:...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23205 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23205 (MEDIUM CVSS 5.5) | In the Linux kernel | cvebase.io