Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Linux Kernel: SMB Client Data Corruption Risk
CVE-2026-23230
Summary
A bug in the Linux kernel's SMB client could cause data corruption. This happens when multiple threads access and change the same data simultaneously, potentially leading to incorrect results. To fix this issue, the kernel developers have separated the shared data into individual fields to prevent this type of problem.
Original title
In the Linux kernel, the following vulnerability has been resolved:
smb: client: split cached_fid bitfields to avoid shared-byte RMW races
is_open, has_lease and on_list are stored in the same bi...
Original description
In the Linux kernel, the following vulnerability has been resolved:
smb: client: split cached_fid bitfields to avoid shared-byte RMW races
is_open, has_lease and on_list are stored in the same bitfield byte in
struct cached_fid but are updated in different code paths that may run
concurrently. Bitfield assignments generate byte read–modify–write
operations (e.g. `orb $mask, addr` on x86_64), so updating one flag can
restore stale values of the others.
A possible interleaving is:
CPU1: load old byte (has_lease=1, on_list=1)
CPU2: clear both flags (store 0)
CPU1: RMW store (old | IS_OPEN) -> reintroduces cleared bits
To avoid this class of races, convert these flags to separate bool
fields.
smb: client: split cached_fid bitfields to avoid shared-byte RMW races
is_open, has_lease and on_list are stored in the same bitfield byte in
struct cached_fid but are updated in different code paths that may run
concurrently. Bitfield assignments generate byte read–modify–write
operations (e.g. `orb $mask, addr` on x86_64), so updating one flag can
restore stale values of the others.
A possible interleaving is:
CPU1: load old byte (has_lease=1, on_list=1)
CPU2: clear both flags (store 0)
CPU1: RMW store (old | IS_OPEN) -> reintroduces cleared bits
To avoid this class of races, convert these flags to separate bool
fields.
- https://git.kernel.org/stable/c/3eaa22d688311c708b73f3c68bc6d0c8e3f0f77a
- https://git.kernel.org/stable/c/4386f6af8aaedd0c5ad6f659b40cadcc8f423828
- https://git.kernel.org/stable/c/4cfa4c37dcbcfd70866e856200ed8a2894cac578
- https://git.kernel.org/stable/c/569fecc56bfe4df66f05734d67daef887746656b
- https://git.kernel.org/stable/c/c4b9edd55987384a1f201d3d07ff71e448d79c1b
- https://git.kernel.org/stable/c/ec306600d5ba7148c9dbf8f5a8f1f5c1a044a241
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026