DEBIAN-CVE-2026-23228

DEBIAN-CVE-2026-23228 PUBLISHED CVSS 5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() On kthread_run() failure in ksmbd_tcp_new_connection(), the transport is freed via free_transport(), which does not decrement active_num_conn, leaking this counter. Replace free_transport() with ksmbd_tcp_disconnect().

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:11	linux-6.1	6.1.162-1, 6.1.159-1, 6.1.158-1
Debian:12	linux	6.1.76-1, 6.1.82-1, 6.1.85-1
Debian:13	linux	6.12.73-1, 6.12.69-1, 6.12.69-1
Debian:14	linux	6.18.2-1, 6.18.3-1, 6.18.5-1

Exploit Intelligence

4081.3.7.yml (github-poc)

Timeline

Feb 18, 2026 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2026-23228 advisory

Open in Interactive Console →