CVE-2026-23428: Expired Pointer Dereference in Linux

Severity: N/A (no vector)
EPSS: 0.0% (top 90.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 3; latest update Apr 19

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix use-after-free of share_conf in compound request

smb2_get_ksmbd_tcon() reuses work->tcon in compound requests without validating tcon->t_state. ksmbd_tree_conn_lookup() checks t_state == TREE_CONNECTED on the initial lookup path, but the compound reuse path bypasses this check entirely.

If a prior command in the compound (SMB2_TREE_DISCONNECT) sets t_state to TREE_DISCONNECTED and frees share_conf via ksmbd_share_c

Affected Packages (3 packages)

debian: debian/linux < linux 6.19.10-1 (forky)
Debian: linux/linux_kernel < 6.19.10-1
CVEListV5: linux/linux 854156d12caa9d36de1cf5f084591c7686cc8a9d eae0dc86f71e6f3294c0cd7ffc05039258d243af +8

🔴 Vulnerability Details (3)

VulDB (2026-04-19): Linux Kernel up to 7.0-rc4 ksmbd smb2_get_ksmbd_tcon use after free (EUVD-2026-18661 / Nessus ID 304959)
GHSA (2026-04-03): GHSA-v45r-hfjf-mq4q: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of share_conf in compound request smb2_get_ksmbd_tcon(
OSV (2026-04-03): CVE-2026-23428: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of share_conf in compound request smb2_get_ksmbd_tcon()

📋 Vendor Advisories (2)

Red Hat (2026-04-03): kernel: ksmbd: fix use-after-free of share_conf in compound request
Debian (2026): CVE-2026-23428: linux - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix ...

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-23428 Impact, Exploitability, and Mitigation Steps | Wiz