In the Linux kernel, the following vulnerability has been resolved:

smb/client: fix possible infinite loop and oob read in symlink_data()

On 32-bit architectures, the infinite loop is as follows:

len = p->ErrorDataLength == 0xfffffff8
u8 *next = p->ErrorContextData + len
next == p

On 32-bit architectures, the out-of-bounds read is as follows:

len = p->ErrorDataLength == 0xfffffff0
u8 *next = p->ErrorContextData + len
next == (u8 *)p - 8

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
76894f3e2f71177747b8b4763fb180e800279585 affected < 1cfa2d59f669db28d6292d10ff87ca6837c781b0
76894f3e2f71177747b8b4763fb180e800279585 affected < b41598bf54b3fe528994e573df6008f8f4d0a4f4
76894f3e2f71177747b8b4763fb180e800279585 affected < cd4b9b662f0fb9aa97ee6bf9034eca76fc6cab23
76894f3e2f71177747b8b4763fb180e800279585 affected < 97a05b0ae9ea5ec052be2eef0f9cc7ce03501bbb
76894f3e2f71177747b8b4763fb180e800279585 affected < 1b9331b16b0ed9414dcf7583d8134bdfeb117aae
76894f3e2f71177747b8b4763fb180e800279585 affected < 7d9a7f1f96cd617ee9e75bb22217c709038e26b8
2d046892a493d9760c35fdaefc3017f27f91b621 affected
6.0.16 affected < 6.1
Linux Linux affected
Version Status Constraints
6.1 affected
0 unaffected < 6.1
6.1.175 unaffected ≤ 6.1.*
6.6.141 unaffected ≤ 6.6.*
6.12.91 unaffected ≤ 6.12.*
6.18.33 unaffected ≤ 6.18.*
7.0.10 unaffected ≤ 7.0.*
7.1 unaffected ≤ *

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Linux Subscribe
Linux Kernel Subscribe

Project Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/1b9331b16b0ed9414dcf7583d8134bdfeb117aae cve-icon
https://git.kernel.org/stable/c/1cfa2d59f669db28d6292d10ff87ca6837c781b0 cve-icon
https://git.kernel.org/stable/c/7d9a7f1f96cd617ee9e75bb22217c709038e26b8 cve-icon
https://git.kernel.org/stable/c/97a05b0ae9ea5ec052be2eef0f9cc7ce03501bbb cve-icon
https://git.kernel.org/stable/c/b41598bf54b3fe528994e573df6008f8f4d0a4f4 cve-icon
https://git.kernel.org/stable/c/cd4b9b662f0fb9aa97ee6bf9034eca76fc6cab23 cve-icon
History

Wed, 24 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-932

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: smb/client: fix possible infinite loop and oob read in symlink_data() On 32-bit architectures, the infinite loop is as follows: len = p->ErrorDataLength == 0xfffffff8 u8 *next = p->ErrorContextData + len next == p On 32-bit architectures, the out-of-bounds read is as follows: len = p->ErrorDataLength == 0xfffffff0 u8 *next = p->ErrorContextData + len next == (u8 *)p - 8
Title smb/client: fix possible infinite loop and oob read in symlink_data()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:28:46.661Z

Reserved: 2026-06-09T07:44:35.374Z

Link: CVE-2026-52967

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T21:15:16Z

Weaknesses