Remote Memory Corruption in Linux ksmbd Affecting Directory Creation Permissions
CVE-2026-8449

8.7HIGH

Key Information:

Vendor

Linux
Status
Ksmbd
Vendor
CVE Published:
12 May 2026

What is CVE-2026-8449?

The Linux ksmbd service is affected by a remote memory corruption vulnerability that arises during ACL inheritance. Specifically, it allows remote attackers with directory creation permissions to exploit a crafted discretionary access control list (DACL) that includes a malformed security identifier (SID) featuring an inflated num_subauth field. When exploited, this vulnerability can lead to a heap out-of-bounds read, causing unstable kernel behavior, denial of service, and may allow attackers to escalate their privileges, potentially leading to arbitrary code execution within the kernel environment.

Affected Version(s)

ksmbd 0 <= 996454b

References

https://github.com/torvalds/linux/blob/6596a02b207886e9e0...
producttechnical-description
https://github.com/torvalds/linux/commit/996454bc0da84d5a...
patch
https://www.vulncheck.com/advisories/linux-ksmbd-remote-m...
third-party-advisory

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Shota Zaizen
.