In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles parse_durable_handle_context() unconditionally assigns dh_info->fp->conn to the current connection when handling a DURABLE_REQ_V2 context with SMB2_FLAGS_REPLAY_OPERATION. ksmbd_lookup_fd_cguid() does not filter by fp->conn, so it returns file handles
Linux Kernel 6.x/5.15 LTS | Ubuntu 22.04/20.04 LTS
Exploit
CVE-2026-23427
NVD
Refer to CVE-2026-23427 NVD advisory