Kernel Vulnerability in Linux Affecting SMB2 Operations
CVE-2026-53271
What is CVE-2026-53271?
A NULL pointer dereference exists in the Linux kernel's ksmbd module because opinfo->conn is mishandled during oplock and lease break notifications. smb2_oplock_break_noti() and smb2_lease_break_noti() access opinfo->conn without the necessary checks. In a race, a concurrent SMB2 LOGOFF can set op->conn to NULL, so the notification path may dereference a NULL pointer, leading to a potential crash or undefined behavior. The fix reads opinfo->conn with READ_ONCE() and returns early if it is NULL, which helps to mitigate the risk of remote exploitation.
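The pattern described above, as an added userspace model that is not the kernel's ksmbd code: the struct layouts, the result codes, the race hook and the function names are assumptions made for illustration, and the READ_ONCE()/WRITE_ONCE() macros are simplified stand-ins for the kernel's.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace stand-ins for the kernel macros: force a single load or store. */
#define READ_ONCE(x)     (*(const volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))

enum noti_result { NOTI_SENT, NOTI_SKIPPED, NOTI_WOULD_OOPS }; /* model-only codes */
struct conn   { int sent; };           /* hypothetical, not ksmbd's struct */
struct opinfo { struct conn *conn; };  /* only the field the page names */
typedef void (*race_hook)(struct opinfo *);

/* Models the concurrent SMB2 LOGOFF clearing the pointer. */
static void model_logoff(struct opinfo *op) { WRITE_ONCE(op->conn, NULL); }

/* Before: op->conn is used with no check. The model reports the NULL
 * dereference as NOTI_WOULD_OOPS instead of actually faulting. */
static enum noti_result break_noti_unchecked(struct opinfo *op, race_hook race)
{
    if (race)
        race(op);                      /* LOGOFF wins the race */
    if (op->conn == NULL)
        return NOTI_WOULD_OOPS;        /* unchecked code would dereference NULL */
    op->conn->sent++;
    return NOTI_SENT;
}

/* After: one READ_ONCE() snapshot, early return on NULL, and only the
 * snapshot is used afterwards, so a later store to op->conn cannot turn
 * a passed check into a NULL dereference. */
static enum noti_result break_noti_checked(struct opinfo *op, race_hook race)
{
    struct conn *conn = READ_ONCE(op->conn);
    if (!conn)
        return NOTI_SKIPPED;           /* connection already gone: nothing to notify */
    if (race)
        race(op);                      /* LOGOFF lands after the snapshot */
    conn->sent++;
    return NOTI_SENT;
}

int main(void)
{
    struct conn c = { 0 };             /* constructed sample state */
    struct opinfo op = { &c };
    printf("unchecked, logoff first: %d\n", break_noti_unchecked(&op, model_logoff));
    op.conn = &c;
    printf("checked, logoff after snapshot: %d\n", break_noti_checked(&op, model_logoff));
    printf("checked, conn already NULL: %d\n", break_noti_checked(&op, NULL));
    return 0;
}
```

In this model the conn object outlives every call; the snapshot only removes the NULL dereference and says nothing about how the connection's lifetime is guaranteed.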
Affected Version(s)
Linux 8df4bcdb0a4232192b2445256c39b787d58ef14d < 945a86b21b40fb17183f5b27461baa6f03e2467f
Linux c8efcc786146a951091588e5fa7e3c754850cb3c < 1ff58dcfcab434ebb51649da33774fbb8e1f7b67
Linux c8efcc786146a951091588e5fa7e3c754850cb3c