CVE-2026-23282

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the SMB2 implementation of the Linux kernel where uninitialized variables within the smb2 unlink() function can lead to system crashes (oops). Specifically, if SMB2 open init() or SMB2 close init() encounters a failure, the input/output vector set (iovs) at the request (rqst) remains uninitialized. Subsequently, calling functions like SMB2 open free(), SMB2 close free(), or smb2 set related() on this uninitialized set results in an 'oops' condition, indicating a kernel error. The issue is addressed by initializing the close iov and open iov before assigning them to the rqst.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.