CVE-2026-46155
Out-of-Bounds Read in Linux Kernel SMB Client
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's SMB client implementation, specifically in the smb2_compound_op() function. When a server sends a truncated response but indicates a large OutputBufferLength and ends the EA list early, the function check_wsl_eas() incorrectly returns success without verifying that the entire OutputBufferLength fits within the allocated buffer length (iov_len).
As a result, smb2_compound_op() performs a memcpy operation using OutputBufferLength as the size, which can cause it to read beyond the allocated buffer. This out-of-bounds read can lead to leaking adjacent kernel heap memory.
How can this vulnerability impact me? :
This vulnerability can lead to the leakage of sensitive kernel heap memory due to an out-of-bounds read. An attacker controlling the server response could exploit this to access unintended memory areas, potentially exposing sensitive information stored in kernel memory.