CVE-2026-23230
HIGHLinux Kernel < 6.1.164, 6.2.0-6.6.125, 6.7.0-6.12.72, 6.13.0-6.18.11, 6.19.0 - SMB Client Race Condition
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: smb: client: split cached_fid bitfields to avoid shared-byte RMW races is_open, has_lease and on_list are stored in the same bitfield byte in struct cached_fid but are updated in different code paths that may run concurrently. Bitfield assignments generate byte read–modify–write operations (e.g. `orb $mask, addr` on x86_64), so updating one flag can restore stale values of the others. A possible interleaving is: CPU1: load old byte (has_lease=1, on_list=1) CPU2: clear both flags (store 0) CPU1: RMW store (old | IS_OPEN) -> reintroduces cleared bits To avoid this class of races, convert these flags to separate bool fields.
References (6)
Core 6
Core References
Scores
CVSS v3
8.8
EPSS
0.0003
EPSS Percentile
9.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
Status
published
Products (22)
linux/Kernel
< 6.1.164linux
linux/Kernel
6.1.0 - 6.1.164linux
linux/Kernel
6.13.0 - 6.18.11linux
linux/Kernel
6.19.0 - 6.19.1linux
linux/Kernel
6.2.0 - 6.6.125linux
linux/Kernel
6.7.0 - 6.12.72linux
Linux/Linux
< 6.1
Linux/Linux
6.1
Linux/Linux
6.1.164 - 6.1.*
Linux/Linux
6.12.72 - 6.12.*
... and 12 more
Published
Feb 18, 2026
Tracked Since
Feb 18, 2026