PT-2026-30122 · Linux · Linux Kernel

Published 2026-04-03 · Updated 2026-04-14 · CVE-2026-23427

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 7.0.0-rc3+

Description

The Linux kernel contained a use-after-free flaw within the ksmbd component, specifically in the handling of durable v2 replay operations involving active file handles. The `parse_durable_handle_context()` function unconditionally assigned a connection pointer, leading to a scenario where a stale connection was dereferenced after being freed by `ksmbd_close_fd()`. This condition was triggered during the replay of durable operations, potentially leading to system instability or other undefined behavior.

Recommendations

Update to Linux kernel version 7.0.0-rc3+ or later.

Fix

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2026-23427

Affected Products

Linux Kernel