PT-2026-44278 · Linux · Linux

Published 2026-05-28 · Updated 2026-05-28 · CVE-2026-46155


No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
smb/client: fix out-of-bounds read in smb2_compound_op()
If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, check_wsl_eas() returns success without validating that the entire OutputBufferLength fits within iov_len.
Then smb2_compound_op() does: memcpy(idata->wsl.eas, data[0], size[0]);
Where size[0] is OutputBufferLength. If iov_len is smaller than size[0], memcpy can read beyond the end of the rsp_iov allocation and leak adjacent kernel heap memory.
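
The length check the description says was missing, as an added userspace sketch (not the kernel patch and not code from this page): a server-supplied length is validated against the bytes actually received before the copy. The names `rsp_buf`, `copy_output_buffer` and `sample_rsp` are hypothetical, and the destination-capacity check is an assumption beyond what the page states.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace stand-in for the response kvec; not the kernel's type. */
struct rsp_buf {
    const uint8_t *iov_base;
    size_t iov_len;              /* bytes actually received */
};

/* Constructed sample: a response of which only 32 bytes arrived. */
static const uint8_t sample_rsp[32] = { [16] = 0xAA, [31] = 0xBB };

/*
 * Copy the output buffer the server describes with out_off/out_len.
 * Both fields come off the wire and are untrusted.
 * Returns 0 on success, -EINVAL if the range is not fully inside the
 * received bytes or does not fit the destination.
 */
int copy_output_buffer(const struct rsp_buf *rsp, uint32_t out_off,
                       uint32_t out_len, uint8_t *dst, size_t dst_cap)
{
    if (out_off > rsp->iov_len)
        return -EINVAL;
    /* Subtraction form: out_off + out_len cannot wrap here. */
    if (out_len > rsp->iov_len - out_off)
        return -EINVAL;
    if (out_len > dst_cap)       /* assumption: caller-sized destination */
        return -EINVAL;
    memcpy(dst, rsp->iov_base + out_off, out_len);
    return 0;
}

int main(void)
{
    uint8_t dst[64];
    struct rsp_buf rsp = { sample_rsp, sizeof(sample_rsp) };

    /* Truncated response claiming 4096 bytes of output: rejected. */
    printf("oversized: %d\n", copy_output_buffer(&rsp, 16, 4096, dst, sizeof(dst)));
    /* Claimed range fits the received bytes: copied. */
    printf("in-bounds: %d\n", copy_output_buffer(&rsp, 16, 16, dst, sizeof(dst)));
    return 0;
}
```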

Related Identifiers

CVE-2026-46155

Affected Products

Linux