VDB
CVE-2026-23282
CVE-2026-23282
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix oops due to uninitialised var in smb2_unlink() If SMB2_open_init() or SMB2_close_init() fails (e.g. reconnect), the iovs set @rqst will be left uninitialised, hence calling SMB2_open_free(), SMB2_close_free() or smb2_set_related() on them will oops. Fix this by initialising @close_iov and @open_iov before setting them in @rqst.
EPSS 0.02% · 4.6th percentile
Risk Scores
EPSS Score
0.02%
4.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| linux | linux_kernel | 6.17, 6.17, 6.17 |
| Linux | Linux | 1cf9f2a6a544288516a7b9e883a48eba6246bcf2, 1cf9f2a6a544288516a7b9e883a48eba6246bcf2, 6.17 |
Exploit Intelligence
- https://git.kernel.org/stable/c/86163b98891aa9800f6103252e5acc7bb98afb91 (circl)
- https://git.kernel.org/stable/c/dc710c87af3341554d02d634ada1d2036c49a94a (circl)
- https://git.kernel.org/stable/c/048efe129a297256d3c2088cf8d79515ff5ec864 (circl)
- glcve_test.go (github-poc)
- glcve_test.go (github-poc)
- glcve_test.go (github-poc)
- glcve_test.go (github-poc)
Timeline
- Mar 25, 2026 EPSS Score
- Mar 25, 2026 Coalition ESS Score
- Mar 25, 2026 CVE Published
- Mar 29, 2026 Security Advisory
- May 11, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score