CVE-2026-46139

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description In the SMB client, the build sec desc() function uses a buffer allocated with kmalloc(), which does not zero-initialize the memory. Due to a change in the struct smb acl where the num aces field was split into num aces and a reserved field, the 2-byte reserved field is not explicitly written to. This leaves the field containing uninitialized heap data. If this field contains non-zero garbage, Samba may reject the security descriptor, resulting in a Range Error and causing chmod to fail with EINVAL.

Recommendations Update the Linux kernel to a version that replaces kmalloc() with kzalloc() in the build sec desc() function to ensure the buffer is zero-initialized.