Linux Kernel SMB2 Server Use-After-Free Vulnerability in Open Function

Vulnerability

A use-after-free vulnerability has been fixed in the Linux kernel's SMB2 server implementation, specifically within the 'smb2_open' function. The issue arose because the 'opinfo' pointer, retrieved using 'rcu_dereference(fp->f_opinfo)', was dereferenced after the RCU read lock had been released. Once the read-side critical section ends, nothing prevents the object from being freed, which creates a window for potential exploitation.

Impact

This vulnerability could lead to a use-after-free condition, which may be exploited to cause memory corruption or execute arbitrary code.

Reproduction

The vulnerability can be reproduced by calling the 'smb2_open' function in the SMB server context. The 'opinfo' pointer will be incorrectly accessed after the RCU read lock is released, creating a use-after-free condition.
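The ordering problem described under Vulnerability and Reproduction, as an added user-space model that is not the kernel's code or its patch. The 'level' field, the reader counter standing in for RCU, and all function names are assumptions made for illustration; "freeing" only poisons the object so the stale read can be observed safely.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed user-space model: "freeing" only poisons the object, so the
 * stale read is observable without real undefined behaviour. */
struct oplock_info { int level; };      /* 'level' field is an assumption */
struct ksmbd_file  { struct oplock_info *f_opinfo; };

static int readers;                  /* active read-side critical sections */
static struct oplock_info *pending;  /* unpublished, awaiting grace period */
static void reclaim(void) {
    if (pending && readers == 0) {   /* grace period over: no readers left */
        pending->level = -1;         /* poison value stands in for kfree() */
        pending = NULL;
    }
}
static void model_read_lock(void)   { readers++; }
static void model_read_unlock(void) { readers--; reclaim(); }

/* A close racing on another thread, modelled here as a plain call. */
static void racing_close(struct ksmbd_file *fp) {
    pending = fp->f_opinfo;          /* unpublish the pointer */
    fp->f_opinfo = NULL;
    reclaim();                       /* freed at once if no reader is active */
}

/* Returns the oplock level read through 'opinfo', or -1 if the object had
 * already been reclaimed. The close always lands between fetch and use. */
static int open_model(struct ksmbd_file *fp, bool unlock_before_use) {
    model_read_lock();
    struct oplock_info *opinfo = fp->f_opinfo;        /* rcu_dereference() */
    if (unlock_before_use) model_read_unlock();       /* flawed ordering */
    racing_close(fp);
    int level = opinfo->level;                        /* the dereference */
    if (!unlock_before_use) model_read_unlock();      /* safe ordering */
    return level;
}

static int run(bool unlock_before_use) {
    struct oplock_info op = { .level = 2 };           /* constructed sample */
    struct ksmbd_file fp = { .f_opinfo = &op };
    return open_model(&fp, unlock_before_use);
}

int main(void) {
    printf("unlock first: %d, use inside: %d\n", run(true), run(false));
    return 0;
}
```

In the flawed ordering the reader sees the poisoned value because the object was reclaimed inside the window; with the dereference kept inside the read-side section, reclamation is deferred until the reader has finished.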

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.

Added: May 8, 2026, 9:22 PM
Updated: May 8, 2026, 9:22 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 1.3
exploitability: 3.9
remediation: 7.7
relevance: 7.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.