PT-2026-44308 · Linux · Linux
Published
2026-05-28
·
Updated
2026-05-28
·
CVE-2026-46185
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
smb/client: fix out-of-bounds read in symlink data()
Since smb2 check message() returns success without length validation for
the symlink error response, in symlink data() it is possible for
iov->iov len to be smaller than sizeof(struct smb2 err rsp). If the buffer
only contains the base SMB2 header (64 bytes), accessing
err->ErrorContextCount (at offset 66) or err->ByteCount later in
symlink data() will cause an out-of-bounds read.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Linux