CVE-2026-8449

12.05.2026, 22:16

Linux ksmbd contains a remote memory corruption vulnerability in the ACL inheritance path that allows remote clients with directory creation permissions to trigger a heap out-of-bounds read and subsequent heap corruption by setting a crafted DACL with a malformed SID containing an inflated num_subauth field. Attackers can exploit this vulnerability by creating a directory, setting the malicious DACL via SMB2_SET_INFO, and creating child entries to cause kernel instability, denial of service, or potentially achieve privilege escalation to kernel code execution.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://github.com/torvalds/linux/blob/6596a02b207886e9e00bb0161c7fd59fea53c081/fs/smb/server/smbacl.c

https://github.com/torvalds/linux/commit/996454bc0da84d5a1dedb1a7861823087e01a7ae

https://www.vulncheck.com/advisories/linux-ksmbd-remote-memory-corruption-via-acl-inheritance