Linux Kernel SMB2 Client OOB Read in symlink_data()
CVE-2026-46185 Published on May 28, 2026
smb/client: fix out-of-bounds read in symlink_data()
In the Linux kernel, the following vulnerability has been resolved:
Since smb2_check_message() returns success without length validation for
the symlink error response, in symlink_data() it is possible for
iov->iov_len to be smaller than sizeof(struct smb2_err_rsp). If the buffer
only contains the base SMB2 header (64 bytes), accessing
err->ErrorContextCount (at offset 66) or err->ByteCount later in
symlink_data() will cause an out-of-bounds read.
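The length check the description calls for, as an added user-space example; it is not the kernel's code or the upstream patch. The `buf_vec` and `err_fields` types and both function names are hypothetical, the field offsets follow the SMB2 error response layout (StructureSize, ErrorContextCount, Reserved, ByteCount after the 64-byte header), and the final ByteCount bound goes beyond what the description covers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SMB2_HDR_LEN  64u                  /* base SMB2 header, per the description */
#define ERR_FIXED_LEN (SMB2_HDR_LEN + 8u)  /* + StructureSize, ErrorContextCount, Reserved, ByteCount */

/* Hypothetical user-space stand-in for the kernel's iov (base pointer + length). */
struct buf_vec { const uint8_t *base; size_t len; };
struct err_fields { uint8_t ctx_count; uint32_t byte_count; };

/* Returns 0 on success, -1 when the buffer is too short to parse safely. */
int parse_err_rsp(const struct buf_vec *iov, struct err_fields *out)
{
    const uint8_t *p;

    /* Validate the length before reading offset 66 or the ByteCount at 68. */
    if (iov->len < ERR_FIXED_LEN)
        return -1;
    out->ctx_count = iov->base[SMB2_HDR_LEN + 2];
    p = iov->base + SMB2_HDR_LEN + 4;      /* ByteCount is little-endian on the wire */
    out->byte_count = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                      ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    /* Extra check: the declared error data must fit in what was received. */
    if (out->byte_count > iov->len - ERR_FIXED_LEN)
        return -1;
    return 0;
}

/* Builds a constructed response of `len` bytes declaring `byte_count` and parses it. */
int demo_case(size_t len, uint32_t byte_count)
{
    uint8_t raw[128] = {0};
    struct buf_vec iov = { raw, len };
    struct err_fields f;

    if (len > sizeof(raw))
        return -1;
    if (len >= ERR_FIXED_LEN) {
        raw[SMB2_HDR_LEN + 2] = 1;                   /* ErrorContextCount */
        raw[SMB2_HDR_LEN + 4] = (uint8_t)byte_count; /* low byte is enough for the demo */
    }
    return parse_err_rsp(&iov, &f);
}

int main(void)
{
    printf("header only (64 bytes): %d\n", demo_case(64, 0));
    printf("full fixed part (72):   %d\n", demo_case(72, 0));
    return 0;
}
```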
Products Associated with CVE-2026-46185
Affected Versions
Linux:
- Version 76894f3e2f71177747b8b4763fb180e800279585 and below ef6495d4df6e7af8f3de67e65150881c880f696c is affected.
- Version 76894f3e2f71177747b8b4763fb180e800279585 and below 15dc0a4de743a1aaa7b859b3aea79f08c695396c is affected.
- Version 76894f3e2f71177747b8b4763fb180e800279585 and below b8c8a704f0bc133deb171f6aeb6f3a684203e212 is affected.
- Version 76894f3e2f71177747b8b4763fb180e800279585 and below b9561402489d41149f63e001a74384863b7b30a6 is affected.
- Version 76894f3e2f71177747b8b4763fb180e800279585 and below d62b8d236fab503c6fec1d3e9a38bea71feaca20 is affected.
- Version 2d046892a493d9760c35fdaefc3017f27f91b621 is affected.
- Version 6.0.16 and below 6.1 is affected.
- Version 6.1 is affected.
- Before 6.1 is unaffected.
- Version 6.6.140, <= 6.6.* is unaffected.
- Version 6.12.88, <= 6.12.* is unaffected.
- Version 6.18.30, <= 6.18.* is unaffected.
- Version 7.0.7, <= 7.0.* is unaffected.
- Version 7.1-rc3, <= * is unaffected.