Vulnerability in Linux Kernel Affecting SMB Client Functionality
CVE-2026-46195

Currently unrated

Key Information:

Vendor: Linux

Status: Vendor

CVE Published: 28 May 2026

What is CVE-2026-46195?

The Linux kernel's SMB client does not properly validate the dacloffset parameter. A malicious server can manipulate dacloffset, potentially causing pointer arithmetic issues on 32-bit builds. Such manipulation could allow an attacker to bypass security checks and access or alter sensitive data through the derived DACL pointer, particularly in operations such as chmod and chown. The fix validates dacloffset numerically before any DACL pointer is constructed.
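The difference between checking a derived pointer and checking the offset numerically, as an added sketch that is not the kernel's code or the actual patch. The function names, the sample address and the offsets are hypothetical, and 32-bit addresses are modeled with `uint32_t` so the wrap shows on any host.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Sizes from the self-relative security descriptor wire format. */
#define SD_HDR_LEN  20u  /* descriptor header: revision, control, four offsets */
#define ACL_HDR_LEN  8u  /* ACL header: revision, size, ACE count, padding */

/* Hypothetical "derive first, compare later" check. Addresses are modeled
 * as uint32_t so the 32-bit wrap is reproducible on any host. */
static bool check_by_pointer32(uint32_t base, uint32_t len, uint32_t dacloffset)
{
    uint32_t end  = base + len;          /* one past the descriptor */
    uint32_t dacl = base + dacloffset;   /* wraps modulo 2^32 for a huge offset */
    return dacl + ACL_HDR_LEN <= end;    /* a wrapped address still passes */
}

/* Numeric check: compare the offset with the length before any address is
 * formed. The subtraction cannot underflow because dacloffset <= len. */
static bool check_by_offset(uint32_t len, uint32_t dacloffset)
{
    if (dacloffset < SD_HDR_LEN || dacloffset > len)
        return false;
    return len - dacloffset >= ACL_HDR_LEN;
}

int main(void)
{
    /* Constructed values: a 256-byte descriptor at a made-up address. */
    const uint32_t base = 0xC0001000u, len = 0x100u;
    const uint32_t offsets[] = { 20u, 0xF8u, 0xF9u, 0xFFFFF000u };

    for (size_t i = 0; i < sizeof(offsets) / sizeof(offsets[0]); i++)
        printf("dacloffset=0x%08x pointer-check=%d offset-check=%d\n",
               (unsigned)offsets[i],
               check_by_pointer32(base, len, offsets[i]),
               check_by_offset(len, offsets[i]));
    return 0;
}
```

For the last offset the modeled address wraps to a location below the buffer and the pointer comparison accepts it, while the numeric check rejects it.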

Affected Version(s)

Linux bc3e9dd9d104ca1b75644eab87b38ce8a924aef4

Linux bc3e9dd9d104ca1b75644eab87b38ce8a924aef4 < 3b1ddba19e77ee35241cd27f16dc3e8d14e08db7

