CVE-2026-23428

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.0-rc3+

Description The Linux kernel contains a use-after-free flaw within the ksmbd component, specifically in how it handles share configurations during compound requests. The smb2 get ksmbd tcon() function reuses a tree connection (work->tcon) without validating its state, potentially leading to a dereference of freed memory if a prior command in a compound request (like SMB2 TREE DISCONNECT) has already disconnected the tree and freed the associated share conf. This can occur when the compound reuse path bypasses a necessary state check (t state == TREE CONNECTED) in ksmbd tree conn lookup(). A KASAN report indicates the issue occurs in the smb2 write function.

Recommendations Update to Linux kernel version 7.0.0-rc3+ or later.