{"api_version":"1","generated_at":"2026-07-06T14:07:42+00:00","cve":"CVE-2026-45972","urls":{"html":"https://cve.report/CVE-2026-45972","api":"https://cve.report/api/cve/CVE-2026-45972.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-45972","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-45972"},"summary":{"title":"smb: client: fix potential UAF and double free in smb2_open_file()","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF and double free in smb2_open_file()\n\nZero out @err_iov and @err_buftype before retrying SMB2_open() to\nprevent an UAF bug if @data != NULL, otherwise a double free.","state":"PUBLISHED","assigner":"Linux","published_at":"2026-05-27 14:17:14","updated_at":"2026-06-30 03:20:07"},"problem_types":["CWE-416","CWE-825","CWE-825 Expired Pointer Dereference"],"metrics":[{"version":"3.1","source":"ADP","type":"CVSS","score":"7","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","score":"7","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"baseScore":9.8,"baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-45972","name":"https://access.redhat.com/security/cve/CVE-2026-45972","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/7425453ea16dbc3bbb0f6cac4d60b537e5e4d151","name":"https://git.kernel.org/stable/c/7425453ea16dbc3bbb0f6cac4d60b537e5e4d151","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/e66dcf7bb9c4df5582c82bc3582725abcbfbea73","name":"https://git.kernel.org/stable/c/e66dcf7bb9c4df5582c82bc3582725abcbfbea73","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45972.json","name":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45972.json","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2481973","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2481973","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/4d339b219004869e96c4ce56b8891f83a38da4c0","name":"https://git.kernel.org/stable/c/4d339b219004869e96c4ce56b8891f83a38da4c0","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/96e53bb3ee2f354cf6b4ab07bcc56e500f8b3f74","name":"https://git.kernel.org/stable/c/96e53bb3ee2f354cf6b4ab07bcc56e500f8b3f74","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/ebbbc4bfad4cb355d17c671223d0814ee3ef4eda","name":"https://git.kernel.org/stable/c/ebbbc4bfad4cb355d17c671223d0814ee3ef4eda","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/639deb962986ef2f5e2a6d5a600c66f922471e81","name":"https://git.kernel.org/stable/c/639deb962986ef2f5e2a6d5a600c66f922471e81","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-45972","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45972","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 743f70406264348c0830f38409eb6c40a42fb2db 96e53bb3ee2f354cf6b4ab07bcc56e500f8b3f74 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 3a6d6b332f92990958602c1e35ce0173e2dd62e9 7425453ea16dbc3bbb0f6cac4d60b537e5e4d151 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected b64e3b5d8d759dd4333992e4ba4dadf9359952c8 4d339b219004869e96c4ce56b8891f83a38da4c0 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 9ee608a64e37cea5b4b13e436c559dd0fb2ad1b5 e66dcf7bb9c4df5582c82bc3582725abcbfbea73 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected e3a43633023e3cacaca60d4b8972d084a2b06236 639deb962986ef2f5e2a6d5a600c66f922471e81 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected e3a43633023e3cacaca60d4b8972d084a2b06236 ebbbc4bfad4cb355d17c671223d0814ee3ef4eda git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.1.163 6.1.165 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.6.124 6.6.128 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.12.70 6.12.75 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.18.10 6.18.14 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.19","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.19 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.165 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.128 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.75 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.14 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.19.4 6.19.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0 * original_commit_for_fix","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","version":"","platforms":[]}],"timeline":[{"source":"ADP","time":"2026-05-27T00:00:00.000Z","lang":"en","value":"Reported to Red Hat."},{"source":"ADP","time":"2026-05-27T00:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"45972","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"45972","cve":"CVE-2026-45972","epss":"0.000720000","percentile":"0.219700000","score_date":"2026-06-03","updated_at":"2026-06-04 00:06:35"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"affected":[{"cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"}],"datePublic":"2026-05-27T00:00:00.000Z","descriptions":[{"lang":"en","value":"A flaw was found in the Linux kernel's Server Message Block (SMB) client. This vulnerability, within the `smb2_open_file()` function, could allow an attacker to cause memory corruption due to improper handling of memory during file open operations. This could lead to system instability or potentially enable an attacker to execute arbitrary code."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-825","description":"Expired Pointer Dereference","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-30T02:44:32.556Z","orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP"},"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-45972"},{"name":"RHBZ#2481973","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2481973"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45972.json"}],"timeline":[{"lang":"en","time":"2026-05-27T00:00:00.000Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-05-27T00:00:00.000Z","value":"Made public."}],"title":"kernel: smb: client: fix potential UAF and double free in smb2_open_file()","x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"}}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["fs/smb/client/smb2file.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"96e53bb3ee2f354cf6b4ab07bcc56e500f8b3f74","status":"affected","version":"743f70406264348c0830f38409eb6c40a42fb2db","versionType":"git"},{"lessThan":"7425453ea16dbc3bbb0f6cac4d60b537e5e4d151","status":"affected","version":"3a6d6b332f92990958602c1e35ce0173e2dd62e9","versionType":"git"},{"lessThan":"4d339b219004869e96c4ce56b8891f83a38da4c0","status":"affected","version":"b64e3b5d8d759dd4333992e4ba4dadf9359952c8","versionType":"git"},{"lessThan":"e66dcf7bb9c4df5582c82bc3582725abcbfbea73","status":"affected","version":"9ee608a64e37cea5b4b13e436c559dd0fb2ad1b5","versionType":"git"},{"lessThan":"639deb962986ef2f5e2a6d5a600c66f922471e81","status":"affected","version":"e3a43633023e3cacaca60d4b8972d084a2b06236","versionType":"git"},{"lessThan":"ebbbc4bfad4cb355d17c671223d0814ee3ef4eda","status":"affected","version":"e3a43633023e3cacaca60d4b8972d084a2b06236","versionType":"git"},{"lessThan":"6.1.165","status":"affected","version":"6.1.163","versionType":"semver"},{"lessThan":"6.6.128","status":"affected","version":"6.6.124","versionType":"semver"},{"lessThan":"6.12.75","status":"affected","version":"6.12.70","versionType":"semver"},{"lessThan":"6.18.14","status":"affected","version":"6.18.10","versionType":"semver"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["fs/smb/client/smb2file.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"6.19"},{"lessThan":"6.19","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.165","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.128","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.75","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.14","versionType":"semver"},{"lessThanOrEqual":"6.19.*","status":"unaffected","version":"6.19.4","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.0","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.165","versionStartIncluding":"6.1.163","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.128","versionStartIncluding":"6.6.124","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.75","versionStartIncluding":"6.12.70","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.14","versionStartIncluding":"6.18.10","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.19.4","versionStartIncluding":"6.19","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0","versionStartIncluding":"6.19","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF and double free in smb2_open_file()\n\nZero out @err_iov and @err_buftype before retrying SMB2_open() to\nprevent an UAF bug if @data != NULL, otherwise a double free."}],"metrics":[{"cvssV3_1":{"baseScore":9.8,"baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"providerMetadata":{"dateUpdated":"2026-05-30T10:46:21.265Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/96e53bb3ee2f354cf6b4ab07bcc56e500f8b3f74"},{"url":"https://git.kernel.org/stable/c/7425453ea16dbc3bbb0f6cac4d60b537e5e4d151"},{"url":"https://git.kernel.org/stable/c/4d339b219004869e96c4ce56b8891f83a38da4c0"},{"url":"https://git.kernel.org/stable/c/e66dcf7bb9c4df5582c82bc3582725abcbfbea73"},{"url":"https://git.kernel.org/stable/c/639deb962986ef2f5e2a6d5a600c66f922471e81"},{"url":"https://git.kernel.org/stable/c/ebbbc4bfad4cb355d17c671223d0814ee3ef4eda"}],"title":"smb: client: fix potential UAF and double free in smb2_open_file()","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-45972","datePublished":"2026-05-27T12:18:31.500Z","dateReserved":"2026-05-13T15:03:33.090Z","dateUpdated":"2026-06-30T02:44:32.556Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-27 14:17:14","lastModifiedDate":"2026-06-30 03:20:07","problem_types":["CWE-416","CWE-825","CWE-825 Expired Pointer Dereference"],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1,"impactScore":5.9}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.163","versionEndExcluding":"6.1.165","matchCriteriaId":"F2E6F672-99A5-4539-9312-ED9E5727E1C1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.124","versionEndExcluding":"6.6.128","matchCriteriaId":"5A13D8A0-4650-4291-B232-D6A29EB529EA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.70","versionEndExcluding":"6.12.75","matchCriteriaId":"8A635070-FE03-4A8C-B47E-AD467AF0ECB5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.10","versionEndExcluding":"6.18.14","matchCriteriaId":"35A89BC7-E31E-4DDF-A921-3EDD7EB77120"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19.1","versionEndExcluding":"6.19.4","matchCriteriaId":"411B9362-5B74-4569-8450-50CAD50DE99C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:-:*:*:*:*:*:*","matchCriteriaId":"35C8A871-4971-433E-A046-FC9F7B7D190A"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"45972","Ordinal":"1","Title":"smb: client: fix potential UAF and double free in smb2_open_file","CVE":"CVE-2026-45972","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"45972","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF and double free in smb2_open_file()\n\nZero out @err_iov and @err_buftype before retrying SMB2_open() to\nprevent an UAF bug if @data != NULL, otherwise a double free.","Type":"Description","Title":"smb: client: fix potential UAF and double free in smb2_open_file"}]}}}