CVE-2026-46185
Out-of-Bounds Read in Linux Kernel SMB Client
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's SMB client code, specifically in the function symlink_data(). The issue arises because smb2_check_message() returns success without validating the length of the symlink error response. As a result, symlink_data() may attempt to read beyond the bounds of the provided buffer if the buffer is smaller than expected.
More specifically, if the buffer only contains the base SMB2 header (64 bytes), accessing fields such as ErrorContextCount or ByteCount in the error response structure will cause an out-of-bounds read, potentially leading to memory safety issues.
How can this vulnerability impact me? :
This vulnerability can lead to an out-of-bounds read in kernel memory when processing SMB symlink error responses. Such out-of-bounds reads can cause system instability, crashes, or potentially expose sensitive kernel memory contents, which may be leveraged by attackers for further exploitation.