Описание
In the Linux kernel, the following vulnerability has been resolved:
smb/server: fix refcount leak in parse_durable_handle_context()
When the command is a replay operation and -ENOEXEC is returned,
the refcount of ksmbd_file must be released.
A reference count leak flaw was found in the Linux kernel's ksmbd in-kernel SMB server. In the parse_durable_handle_context() function, when a command is detected as a replay operation and returns -ENOEXEC, the reference count of the ksmbd_file structure is not properly released. This leads to a resource leak that could result in gradual memory exhaustion over time.
Отчет
This flaw affects the ksmbd in-kernel SMB server, which is not widely deployed in production environments. Exploitation requires authenticated SMB client access capable of issuing durable handle replay operations, limiting the attack surface significantly.
Меры по смягчению последствий
To mitigate this issue, prevent the ksmbd module from being loaded. See https://access.redhat.com/solutions/41278 for instructions on how to blacklist kernel modules.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | kernel | Fix deferred | ||
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: smb/server: fix refcount leak in parse_durable_handle_context() When the command is a replay operation and -ENOEXEC is returned, the refcount of ksmbd_file must be released.
In the Linux kernel, the following vulnerability has been resolved: smb/server: fix refcount leak in parse_durable_handle_context() When the command is a replay operation and -ENOEXEC is returned, the refcount of ksmbd_file must be released.
In the Linux kernel, the following vulnerability has been resolved: s ...
In the Linux kernel, the following vulnerability has been resolved: smb/server: fix refcount leak in parse_durable_handle_context() When the command is a replay operation and -ENOEXEC is returned, the refcount of ksmbd_file must be released.
ELSA-2026-50160: Unbreakable Enterprise kernel security update (IMPORTANT)
EPSS
5.5 Medium
CVSS3