Linux Kernel ksmbd Vulnerability Allows Data Corruption in Multi-Channel Sessions

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.8

Linux Kernel ksmbd Vulnerability Allows Data Corruption in Multi-Channel Sessions

CVE-2026-23226

Summary

A bug in the Linux kernel's ksmbd component can cause data corruption in multi-channel sessions. This happens when the program tries to access data that has already been deleted. To fix this, the developers added a lock to protect the affected data, which should prevent this issue from happening in the future. You should update to the latest version of the Linux kernel to ensure you have this fix.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
linux	linux_kernel	> 6.3 , <= 6.18.11	–
linux	linux_kernel	> 6.19 , <= 6.19.1	–

Original title

In the Linux kernel, the following vulnerability has been resolved: ksmbd: add chann_lock to protect ksmbd_chann_list xarray ksmbd_chann_list xarray lacks synchronization, allowing use-after-free...

Original description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: add chann_lock to protect ksmbd_chann_list xarray

ksmbd_chann_list xarray lacks synchronization, allowing use-after-free in
multi-channel sessions (between lookup_chann_list() and ksmbd_chann_del).

Adds rw_semaphore chann_lock to struct ksmbd_session and protects
all xa_load/xa_store/xa_erase accesses.

nvd CVSS3.1 7.8

Vulnerability type

CWE-416 Use After Free

Published: 18 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026