CVE-2026-8449

Name of the Vulnerable Software and Affected Versions Linux ksmbd (affected versions not specified)

Description A remote memory corruption issue exists in the ACL inheritance path. Remote clients with directory creation permissions can trigger a heap out-of-bounds read and subsequent heap corruption by setting a crafted DACL (Discretionary Access Control List) with a malformed SID (Security Identifier) containing an inflated num subauth field. This is achieved by creating a directory, setting the malicious DACL via the 'SMB2 SET INFO' endpoint, and creating child entries. This can lead to kernel instability, denial of service, or potential privilege escalation to kernel code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.