CVE-2026-23230

smb: client: split cached_fid bitfields to avoid shared-byte RMW races

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: smb: client: split cached_fid bitfields to avoid shared-byte RMW races is_open, has_lease and on_list are stored in the same bitfield byte in
struct cached_fid but are updated in different code paths that may run
concurrently. Bitfield assignments generate byte read–modify–write
operations (e.g. `orb $mask, addr` on x86_64), so updating one flag can
restore stale values of the others. A possible interleaving is: CPU1: load old byte (has_lease=1, on_list=1) CPU2: clear both flags (store 0) CPU1: RMW store (old | IS_OPEN) -> reintroduces cleared bits To avoid this class of races, convert these flags to separate bool
fields.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the stable distribution (trixie), these problems have been fixed in version 6.12.73-1.

*Credits: N/A

CVSS Scores

kernel.orgv3.1 8.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2026-01-13 CVE Reserved
2026-02-18 CVE Published
2026-04-03 EPSS Updated
2026-04-13 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/ebe98f1447bbccf8228335c62d86af02a0ed23f7	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/569fecc56bfe4df66f05734d67daef887746656b	2026-02-19
https://git.kernel.org/stable/c/4386f6af8aaedd0c5ad6f659b40cadcc8f423828	2026-02-16
https://git.kernel.org/stable/c/3eaa22d688311c708b73f3c68bc6d0c8e3f0f77a	2026-02-16
https://git.kernel.org/stable/c/c4b9edd55987384a1f201d3d07ff71e448d79c1b	2026-02-16
https://git.kernel.org/stable/c/4cfa4c37dcbcfd70866e856200ed8a2894cac578	2026-02-16
https://git.kernel.org/stable/c/ec306600d5ba7148c9dbf8f5a8f1f5c1a044a241	2026-02-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.1.164 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.1.164"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.6.125 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.6.125"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.12.72 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.12.72"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.18.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.18.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.19.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.19.1"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 7.0 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 7.0"		en		Affected