FKIE_CVE-2026-23205

Vulnerability from fkie_nvd - Published: 2026-02-14 17:15 - Updated: 2026-02-18 17:52
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: smb/client: fix memory leak in smb2_open_file() Reproducer: 1. server: directories are exported read-only 2. client: mount -t cifs //${server_ip}/export /mnt 3. client: dd if=/dev/zero of=/mnt/file bs=512 count=1000 oflag=direct 4. client: umount /mnt 5. client: sleep 1 6. client: modprobe -r cifs The error message is as follows: ============================================================================= BUG cifs_small_rq (Not tainted): Objects remaining on __kmem_cache_shutdown() ----------------------------------------------------------------------------- Object 0x00000000d47521be @offset=14336 ... WARNING: mm/slub.c:1251 at __kmem_cache_shutdown+0x34e/0x440, CPU#0: modprobe/1577 ... Call Trace: <TASK> kmem_cache_destroy+0x94/0x190 cifs_destroy_request_bufs+0x3e/0x50 [cifs] cleanup_module+0x4e/0x540 [cifs] __se_sys_delete_module+0x278/0x400 __x64_sys_delete_module+0x5f/0x70 x64_sys_call+0x2299/0x2ff0 do_syscall_64+0x89/0x350 entry_SYSCALL_64_after_hwframe+0x76/0x7e ... kmem_cache_destroy cifs_small_rq: Slab cache still has objects when called from cifs_destroy_request_bufs+0x3e/0x50 [cifs] WARNING: mm/slab_common.c:532 at kmem_cache_destroy+0x16b/0x190, CPU#0: modprobe/1577
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3a6d6b332f92990958602c1e35ce0173e2dd62e9
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/743f70406264348c0830f38409eb6c40a42fb2db
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9ee608a64e37cea5b4b13e436c559dd0fb2ad1b5
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b64e3b5d8d759dd4333992e4ba4dadf9359952c8
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e3a43633023e3cacaca60d4b8972d084a2b06236
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/client: fix memory leak in smb2_open_file()\n\nReproducer:\n\n  1. server: directories are exported read-only\n  2. client: mount -t cifs //${server_ip}/export /mnt\n  3. client: dd if=/dev/zero of=/mnt/file bs=512 count=1000 oflag=direct\n  4. client: umount /mnt\n  5. client: sleep 1\n  6. client: modprobe -r cifs\n\nThe error message is as follows:\n\n  =============================================================================\n  BUG cifs_small_rq (Not tainted): Objects remaining on __kmem_cache_shutdown()\n  -----------------------------------------------------------------------------\n\n  Object 0x00000000d47521be @offset=14336\n  ...\n  WARNING: mm/slub.c:1251 at __kmem_cache_shutdown+0x34e/0x440, CPU#0: modprobe/1577\n  ...\n  Call Trace:\n   \u003cTASK\u003e\n   kmem_cache_destroy+0x94/0x190\n   cifs_destroy_request_bufs+0x3e/0x50 [cifs]\n   cleanup_module+0x4e/0x540 [cifs]\n   __se_sys_delete_module+0x278/0x400\n   __x64_sys_delete_module+0x5f/0x70\n   x64_sys_call+0x2299/0x2ff0\n   do_syscall_64+0x89/0x350\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n  ...\n  kmem_cache_destroy cifs_small_rq: Slab cache still has objects when called from cifs_destroy_request_bufs+0x3e/0x50 [cifs]\n  WARNING: mm/slab_common.c:532 at kmem_cache_destroy+0x16b/0x190, CPU#0: modprobe/1577"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nsmb/cliente: corrige una fuga de memoria en smb2_open_file()\n\nReproductor:\n\n  1. servidor: los directorios se exportan de solo lectura\n  2. cliente: mount -t cifs //${server_ip}/export /mnt\n  3. cliente: dd if=/dev/zero of=/mnt/file bs=512 count=1000 oflag=direct\n  4. cliente: umount /mnt\n  5. cliente: sleep 1\n  6. cliente: modprobe -r cifs\n\nEl mensaje de error es el siguiente:\n\n  =============================================================================\n  BUG cifs_small_rq (No contaminado): Objetos restantes en __kmem_cache_shutdown()\n  -----------------------------------------------------------------------------\n\n  Object 0x00000000d47521be @offset=14336\n  ...\n  ADVERTENCIA: mm/slub.c:1251 en __kmem_cache_shutdown+0x34e/0x440, CPU#0: modprobe/1577\n  ...\n  Traza de Llamada:\n   \n   kmem_cache_destroy+0x94/0x190\n   cifs_destroy_request_bufs+0x3e/0x50 [cifs]\n   cleanup_module+0x4e/0x540 [cifs]\n   __se_sys_delete_module+0x278/0x400\n   __x64_sys_delete_module+0x5f/0x70\n   x64_sys_call+0x2299/0x2ff0\n   do_syscall_64+0x89/0x350\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n  ...\n  kmem_cache_destroy cifs_small_rq: La cach\u00e9 de slab a\u00fan tiene objetos cuando se llama desde cifs_destroy_request_bufs+0x3e/0x50 [cifs]\n  ADVERTENCIA: mm/slab_common.c:532 en kmem_cache_destroy+0x16b/0x190, CPU#0: modprobe/1577"
    }
  ],
  "id": "CVE-2026-23205",
  "lastModified": "2026-02-18T17:52:22.253",
  "metrics": {},
  "published": "2026-02-14T17:15:58.403",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/3a6d6b332f92990958602c1e35ce0173e2dd62e9"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/743f70406264348c0830f38409eb6c40a42fb2db"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/9ee608a64e37cea5b4b13e436c559dd0fb2ad1b5"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/b64e3b5d8d759dd4333992e4ba4dadf9359952c8"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e3a43633023e3cacaca60d4b8972d084a2b06236"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.