smb: client: split cached_fid bitfields to avoid shared-byte RMW races

CVE	CVE-2026-23230
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-02-18 16:22:32 UTC
Updated	2026-04-02 15:16:24 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: smb: client: split cached_fid bitfields to avoid shared-byte RMW races is_open, has_lease and on_list are stored in the same bitfield byte in struct cached_fid but are updated in different code paths that may run concurrently. Bitfield assignments generate byte read–modify–write operations (e.g. `orb $mask, addr` on x86_64), so updating one flag can restore stale values of the others. A possible interleaving is: CPU1: load old byte (has_lease=1, on_list=1) CPU2: clear both flags (store 0) CPU1: RMW store (old \| IS_OPEN) -> reintroduces cleared bits To avoid this class of races, convert these flags to separate bool fields.

Primary CVSS: v3.1 5.5 MEDIUM from [email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem Types: NVD-CWE-noinfo

Version	Source	Type	Score	Severity	Vector
3.1	[email protected]	Primary	5.5	MEDIUM	`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H`
3.1	416baaa9-dc9f-4396-8d5f-8c081fb06d67	Secondary	8.8	HIGH	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`
3.1	CNA	DECLARED	8.8	HIGH	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Linux	Linux Kernel	All	All	All	All

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected ebe98f1447bbccf8228335c62d86af02a0ed23f7 569fecc56bfe4df66f05734d67daef887746656b git	Not specified
CNA	Linux	Linux	affected ebe98f1447bbccf8228335c62d86af02a0ed23f7 4386f6af8aaedd0c5ad6f659b40cadcc8f423828 git	Not specified
CNA	Linux	Linux	affected ebe98f1447bbccf8228335c62d86af02a0ed23f7 3eaa22d688311c708b73f3c68bc6d0c8e3f0f77a git	Not specified
CNA	Linux	Linux	affected ebe98f1447bbccf8228335c62d86af02a0ed23f7 c4b9edd55987384a1f201d3d07ff71e448d79c1b git	Not specified
CNA	Linux	Linux	affected ebe98f1447bbccf8228335c62d86af02a0ed23f7 4cfa4c37dcbcfd70866e856200ed8a2894cac578 git	Not specified
CNA	Linux	Linux	affected ebe98f1447bbccf8228335c62d86af02a0ed23f7 ec306600d5ba7148c9dbf8f5a8f1f5c1a044a241 git	Not specified
CNA	Linux	Linux	affected 6.1	Not specified
CNA	Linux	Linux	unaffected 6.1 semver	Not specified
CNA	Linux	Linux	unaffected 6.1.164 6.1.* semver	Not specified
CNA	Linux	Linux	unaffected 6.6.125 6.6.* semver	Not specified
CNA	Linux	Linux	unaffected 6.12.72 6.12.* semver	Not specified
CNA	Linux	Linux	unaffected 6.18.11 6.18.* semver	Not specified
CNA	Linux	Linux	unaffected 6.19.1 6.19.* semver	Not specified
CNA	Linux	Linux	unaffected 7.0-rc1 * original_commit_for_fix	Not specified

Reference	Source	Link	Tags
git.kernel.org/stable/c/3eaa22d688311c708b73f3c68bc6d0c8e3f0f77a	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/c4b9edd55987384a1f201d3d07ff71e448d79c1b	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/569fecc56bfe4df66f05734d67daef887746656b	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/4386f6af8aaedd0c5ad6f659b40cadcc8f423828	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/ec306600d5ba7148c9dbf8f5a8f1f5c1a044a241	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/4cfa4c37dcbcfd70866e856200ed8a2894cac578	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.