CVE-2026-23230
Published: Feb 18, 2026
Modified: Jun 2, 2026
CVSS v3.1
8.8
Description
In the Linux kernel, the following vulnerability has been resolved: smb: client: split cached_fid bitfields to avoid shared-byte RMW races is_open, has_lease and on_list are stored in the same bitfield byte in struct cached_fid but are updated in different code paths that may run concurrently. Bitfield assignments generate byte read–modify–write operations (e.g. `orb $mask, addr` on x86_64), so updating one flag can restore stale values of the others. A possible interleaving is: CPU1: load old byte (has_lease=1, on_list=1) CPU2: clear both flags (store 0) CPU1: RMW store (old | IS_OPEN) -> reintroduces cleared bits To avoid this class of races, convert these flags to separate bool fields.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected ebe98f1447bbccf8228335c62d86af02a0ed23f7 - < 569fecc56bfe4df66f05734d67daef887746656baffected ebe98f1447bbccf8228335c62d86af02a0ed23f7 - < 4386f6af8aaedd0c5ad6f659b40cadcc8f423828affected ebe98f1447bbccf8228335c62d86af02a0ed23f7 - < 3eaa22d688311c708b73f3c68bc6d0c8e3f0f77aaffected ebe98f1447bbccf8228335c62d86af02a0ed23f7 - < c4b9edd55987384a1f201d3d07ff71e448d79c1baffected ebe98f1447bbccf8228335c62d86af02a0ed23f7 - < 4cfa4c37dcbcfd70866e856200ed8a2894cac578+1 more versions |
Linux | Linux | affected 6.1unaffected 0 - < 6.1unaffected 6.1.164 - <= 6.1.*unaffected 6.6.125 - <= 6.6.*unaffected 6.12.72 - <= 6.12.*+3 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now