Linux Kernel SMB Client RMW Race via Shared Bitfield
CVE-2026-23230 Published on February 18, 2026
smb: client: split cached_fid bitfields to avoid shared-byte RMW races
In the Linux kernel, the following vulnerability has been resolved:
smb: client: split cached_fid bitfields to avoid shared-byte RMW races
is_open, has_lease and on_list are stored in the same bitfield byte in
struct cached_fid but are updated in different code paths that may run
concurrently. Bitfield assignments generate byte readmodifywrite
operations (e.g. `orb $mask, addr` on x86_64), so updating one flag can
restore stale values of the others.
A possible interleaving is:
CPU1: load old byte (has_lease=1, on_list=1)
CPU2: clear both flags (store 0)
CPU1: RMW store (old | IS_OPEN) -> reintroduces cleared bits
To avoid this class of races, convert these flags to separate bool
fields.
Products Associated with CVE-2026-23230
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version ebe98f1447bbccf8228335c62d86af02a0ed23f7 and below 569fecc56bfe4df66f05734d67daef887746656b is affected.
- Version ebe98f1447bbccf8228335c62d86af02a0ed23f7 and below 4386f6af8aaedd0c5ad6f659b40cadcc8f423828 is affected.
- Version ebe98f1447bbccf8228335c62d86af02a0ed23f7 and below 3eaa22d688311c708b73f3c68bc6d0c8e3f0f77a is affected.
- Version ebe98f1447bbccf8228335c62d86af02a0ed23f7 and below c4b9edd55987384a1f201d3d07ff71e448d79c1b is affected.
- Version ebe98f1447bbccf8228335c62d86af02a0ed23f7 and below 4cfa4c37dcbcfd70866e856200ed8a2894cac578 is affected.
- Version ebe98f1447bbccf8228335c62d86af02a0ed23f7 and below ec306600d5ba7148c9dbf8f5a8f1f5c1a044a241 is affected.
- Version 6.1 is affected.
- Before 6.1 is unaffected.
- Version 6.1.164, <= 6.1.* is unaffected.
- Version 6.6.125, <= 6.6.* is unaffected.
- Version 6.12.72, <= 6.12.* is unaffected.
- Version 6.18.11, <= 6.18.* is unaffected.
- Version 6.19.1, <= 6.19.* is unaffected.
- Version 7.0-rc1, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.