{
  "threat_severity" : "Moderate",
  "public_date" : "2026-03-25T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: smb: client: fix oops due to uninitialised var in smb2_unlink()",
    "id" : "2451246",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2451246"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-824",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nsmb: client: fix oops due to uninitialised var in smb2_unlink()\nIf SMB2_open_init() or SMB2_close_init() fails (e.g. reconnect), the\niovs set @rqst will be left uninitialised, hence calling\nSMB2_open_free(), SMB2_close_free() or smb2_set_related() on them will\noops.\nFix this by initialising @close_iov and @open_iov before setting them\nin @rqst.", "A flaw was found in the Linux kernel's Server Message Block (SMB) client. This vulnerability occurs when the SMB client fails to properly initialize variables during certain connection operations, such as reconnecting. An uninitialized variable can then be used, leading to a kernel panic and causing a Denial of Service (DoS) on the affected system. A remote attacker could potentially trigger this flaw." ],
  "statement" : "This flaw affects systems using the SMB/CIFS client for network file sharing. When SMB2_open_init() or SMB2_close_init() fails during operations like reconnection, uninitialized iovec structures are used in subsequent calls, causing a kernel crash. The vulnerability can be triggered by network conditions that cause SMB reconnection failures.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-23282\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23282\nhttps://lore.kernel.org/linux-cve-announce/2026032523-CVE-2026-23282-bad0@gregkh/T" ],
  "name" : "CVE-2026-23282",
  "csaw" : false
}