CVE-2026-31477

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The smb2 lock() function in the ksmbd module contains three error handling issues. First, if vfs lock file() returns an unexpected error in the non-UNLOCK path, the smb lock and its flock are leaked because the handler does not iterate over the detached smb lock. Second, a similar leak of smb lock and flock occurs if vfs lock file() returns -ENOENT in the UNLOCK path, and a stale error code is returned to the dispatcher. Third, in the rollback path, smb flock init() may return NULL during an allocation failure, which is then dereferenced unconditionally, leading to a kernel NULL pointer dereference (a situation where the system attempts to read or write to a memory address that is zero, typically causing a system crash).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.