CVE-2026-23230
Race Condition in Linux Kernel SMB Client Bitfield Handling
Publication date: 2026-02-18
Last updated on: 2026-04-02
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.19 (inc) to 6.19.1 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.125 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.72 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.18.11 (exc) |
| linux | linux_kernel | From 6.1 (inc) to 6.1.164 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's SMB client code where multiple flags (is_open, has_lease, and on_list) are stored in the same bitfield byte within the struct cached_fid. These flags are updated in different code paths that may run concurrently, leading to race conditions during byte read-modify-write operations. Specifically, when one flag is updated, it can unintentionally restore stale values of the other flags due to concurrent access, causing inconsistent or incorrect flag states.
The issue arises because bitfield assignments generate byte-level read-modify-write instructions, which are not atomic for individual bits. This can cause interleaving where one CPU loads an old byte value, another CPU clears flags, and then the first CPU writes back a value that reintroduces cleared bits. The fix involves splitting these flags into separate boolean fields to avoid shared-byte race conditions.
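The interleaving described above, replayed deterministically in user-space C as an added example (not the kernel's code). `struct fid_bitfield` and `struct fid_split` are simplified stand-ins for the flag layout before and after the fix, and which flag each CPU touches is an assumption chosen to match the description.

```c
#include <stdbool.h>
#include <stdio.h>

enum { HAS_LEASE = 1, IS_OPEN = 2, ON_LIST = 4 };

/* Pre-fix layout (simplified stand-in): three flags share one bitfield byte. */
struct fid_bitfield { bool has_lease : 1; bool is_open : 1; bool on_list : 1; };

/* Post-fix layout (simplified stand-in): each flag is its own bool. */
struct fid_split { bool has_lease; bool is_open; bool on_list; };

/* Replay the bad interleaving on the bitfield layout. Copying the whole
 * struct models the byte-wide load and store behind a bitfield assignment. */
unsigned replay_bitfield(void)
{
    struct fid_bitfield shared = { .has_lease = 1, .is_open = 0, .on_list = 1 };

    struct fid_bitfield cpu_a = shared; /* CPU A: load the shared byte      */
    shared.has_lease = 0;               /* CPU B: clear has_lease ...       */
    shared.on_list = 0;                 /* CPU B: ... and on_list           */
    cpu_a.is_open = 1;                  /* CPU A: set its bit in stale copy */
    shared = cpu_a;                     /* CPU A: store the byte back       */

    return (shared.has_lease ? HAS_LEASE : 0) | (shared.is_open ? IS_OPEN : 0) |
           (shared.on_list ? ON_LIST : 0);
}

/* Same ordering on the split layout: CPU A's store touches only is_open. */
unsigned replay_split(void)
{
    struct fid_split shared = { .has_lease = true, .is_open = false, .on_list = true };

    shared.has_lease = false;           /* CPU B: clear has_lease ...       */
    shared.on_list = false;             /* CPU B: ... and on_list           */
    shared.is_open = true;              /* CPU A: store to its own field    */

    return (shared.has_lease ? HAS_LEASE : 0) | (shared.is_open ? IS_OPEN : 0) |
           (shared.on_list ? ON_LIST : 0);
}

int main(void)
{
    printf("bitfield layout: 0x%x (cleared flags are back)\n", replay_bitfield());
    printf("split layout:    0x%x (only is_open set)\n", replay_split());
    return 0;
}
```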
How can this vulnerability impact me?
This vulnerability can lead to race conditions in the Linux kernel SMB client, potentially causing incorrect or inconsistent internal state regarding file identifiers and leases. Such inconsistencies might result in unexpected behavior, data corruption, or stability issues when accessing SMB shares concurrently.
While the description does not specify direct security impacts like privilege escalation or data leakage, the race condition could affect the reliability and correctness of SMB client operations, which might indirectly impact system stability or data integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
This vulnerability has been resolved by splitting the cached_fid bitfields into separate boolean fields to avoid shared-byte read-modify-write races in the Linux kernel SMB client.
To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.