CVE-2026-52967 - Vulnerability Details

- smb/client: fix possible infinite loop and oob read in symlink_data()

Description

In the Linux kernel, the following vulnerability has been resolved:

smb/client: fix possible infinite loop and oob read in symlink_data()

On 32-bit architectures, the infinite loop is as follows:

len = p->ErrorDataLength == 0xfffffff8
u8 *next = p->ErrorContextData + len
next == p

On 32-bit architectures, the out-of-bounds read is as follows:

len = p->ErrorDataLength == 0xfffffff0
u8 *next = p->ErrorContextData + len
next == (u8 *)p - 8

Published: 2026-06-24

Score: 8.1 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`76894f3e2f71177747b8b4763fb180e800279585`	affected	< 1cfa2d59f669db28d6292d10ff87ca6837c781b0
`76894f3e2f71177747b8b4763fb180e800279585`	affected	< b41598bf54b3fe528994e573df6008f8f4d0a4f4
`76894f3e2f71177747b8b4763fb180e800279585`	affected	< cd4b9b662f0fb9aa97ee6bf9034eca76fc6cab23
`76894f3e2f71177747b8b4763fb180e800279585`	affected	< 97a05b0ae9ea5ec052be2eef0f9cc7ce03501bbb
`76894f3e2f71177747b8b4763fb180e800279585`	affected	< 1b9331b16b0ed9414dcf7583d8134bdfeb117aae
`76894f3e2f71177747b8b4763fb180e800279585`	affected	< 7d9a7f1f96cd617ee9e75bb22217c709038e26b8
`2d046892a493d9760c35fdaefc3017f27f91b621`	affected	—
`6.0.16`	affected	< 6.1

Linux

affected

Version	Status	Constraints
`6.1`	affected	—
`0`	unaffected	< 6.1
`6.1.175`	unaffected	≤ 6.1.*
`6.6.141`	unaffected	≤ 6.6.*
`6.12.91`	unaffected	≤ 6.12.*
`6.18.33`	unaffected	≤ 6.18.*
`7.0.10`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[76894f3e2f71177747b8b4763fb180e800279585,1cfa2d59f669db28d6292d10ff87ca6837c781b0)`	affected	generic	—
`[76894f3e2f71177747b8b4763fb180e800279585,b41598bf54b3fe528994e573df6008f8f4d0a4f4)`	affected	generic	—
`[76894f3e2f71177747b8b4763fb180e800279585,cd4b9b662f0fb9aa97ee6bf9034eca76fc6cab23)`	affected	generic	—
`[76894f3e2f71177747b8b4763fb180e800279585,97a05b0ae9ea5ec052be2eef0f9cc7ce03501bbb)`	affected	generic	—
`[76894f3e2f71177747b8b4763fb180e800279585,1b9331b16b0ed9414dcf7583d8134bdfeb117aae)`	affected	generic	—
`[76894f3e2f71177747b8b4763fb180e800279585,7d9a7f1f96cd617ee9e75bb22217c709038e26b8)`	affected	generic	—
`2d046892a493d9760c35fdaefc3017f27f91b621`	affected	generic	—
`[6.0.16,6.1)`	affected	semver	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.1`	affected	generic	—
`[0,6.1)`	unaffected	generic	—
`[6.1.175,6.2.0)`	unaffected	semver	—
`[6.6.141,6.7.0)`	unaffected	semver	—
`[6.12.91,6.13.0)`	unaffected	semver	—
`[6.18.33,6.19.0)`	unaffected	semver	—
`[7.0.10,7.1.0)`	unaffected	semver	—
`[7.1,*)`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00398.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/1b9331b16b0ed9414dcf7583d8134bdfeb117aae
https://git.kernel.org/stable/c/1cfa2d59f669db28d6292d10ff87ca6837c781b0
https://git.kernel.org/stable/c/7d9a7f1f96cd617ee9e75bb22217c709038e26b8
https://git.kernel.org/stable/c/97a05b0ae9ea5ec052be2eef0f9cc7ce03501bbb
https://git.kernel.org/stable/c/b41598bf54b3fe528994e573df6008f8f4d0a4f4
https://git.kernel.org/stable/c/cd4b9b662f0fb9aa97ee6bf9034eca76fc6cab23
https://lore.kernel.org/linux-cve-announce/2026062438-CVE-2026-52967-0fd6@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-52967
https://www.cve.org/CVERecord?id=CVE-2026-52967

History

Sun, 28 Jun 2026 08:00:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H'}`

Fri, 26 Jun 2026 03:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-119 CWE-932

Fri, 26 Jun 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-190
References		https://lore.kernel.org/linux-cve-announce/2026062438-CVE-2026-52967-0fd6@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-52967 https://www.cve.org/CVERecord?id=CVE-2026-52967
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 24 Jun 2026 19:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-119 CWE-932

Wed, 24 Jun 2026 17:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: smb/client: fix possible infinite loop and oob read in symlink_data() On 32-bit architectures, the infinite loop is as follows: len = p->ErrorDataLength == 0xfffffff8 u8 next = p->ErrorContextData + len next == p On 32-bit architectures, the out-of-bounds read is as follows: len = p->ErrorDataLength == 0xfffffff0 u8 next = p->ErrorContextData + len next == (u8 *)p - 8
Title		smb/client: fix possible infinite loop and oob read in symlink_data()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1b9331b16b0ed9414dcf7583d8134bdfeb117aae https://git.kernel.org/stable/c/1cfa2d59f669db28d6292d10ff87ca6837c781b0 https://git.kernel.org/stable/c/7d9a7f1f96cd617ee9e75bb22217c709038e26b8 https://git.kernel.org/stable/c/97a05b0ae9ea5ec052be2eef0f9cc7ce03501bbb https://git.kernel.org/stable/c/b41598bf54b3fe528994e573df6008f8f4d0a4f4 https://git.kernel.org/stable/c/cd4b9b662f0fb9aa97ee6bf9034eca76fc6cab23

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-24T16:28:46.661Z

Updated: 2026-06-28T06:37:24.053Z

Reserved: 2026-06-09T07:44:35.374Z

Link: CVE-2026-52967

Vulnrichment

No data.

NVD

No data.

Redhat

Severity : Moderate

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-52967 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-28T13:45:06Z

Weaknesses

CWE-190

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction Required

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object