CVE Catalog

CVE-2026-46155

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.06%

19th percentile — higher than 19% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel that allows for out-of-bounds read in the smb2_compound_op() function. The issue occurs when a server sends a truncated response with a large OutputBufferLength, potentially leading to kernel memory leakage.

Risk Assessment

This vulnerability may lead to the exposure of sensitive data from kernel memory, posing a risk to the integrity and confidentiality of the system.

Recommendation

It is recommended to update the Linux kernel to the latest version to mitigate this vulnerability and to monitor the system for unauthorized access.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2_compound_op() If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, check_wsl_eas() returns success without validating that the entire OutputBufferLength fits within iov_len. Then smb2_compound_op() does: memcpy(idata->wsl.eas, data[0], size[0]); Where size[0] is OutputBufferLength. If iov_len is smaller than size[0], memcpy can read beyond the end of the rsp_iov allocation and leak adjacent kernel heap memory.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS