Login Sign Up

CVE-2026-23230

N/A Unknown

📋 TL;DR

This CVE describes a race condition vulnerability in the Linux kernel's SMB client implementation where concurrent updates to bitfield flags in cached_fid structures could cause stale data to be restored. This affects Linux systems using the SMB client functionality, potentially leading to file access issues or unexpected behavior.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE, but includes kernels with the vulnerable code before the fix commits.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the SMB client functionality. The vulnerability is in the kernel's SMB implementation, not in Samba or other user-space SMB software.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

File corruption, data loss, or denial of service due to incorrect file handle state management in SMB operations.

🟠

Likely Case

Intermittent file access failures, application errors, or unexpected behavior during concurrent SMB operations.

🟢

If Mitigated

Minor performance impact or isolated file access issues that don't affect overall system stability.

🌐 Internet-Facing: LOW - Requires local access or SMB client usage, not directly exploitable over internet.
🏢 Internal Only: MEDIUM - Affects systems using SMB client functionality, could impact file operations in enterprise environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires precise timing and concurrent access to trigger race condition.

Exploitation requires local access or ability to trigger concurrent SMB operations. Race conditions are difficult to reliably exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 3eaa22d688311c708b73f3c68bc6d0c8e3f0f77a, 4386f6af8aaedd0c5ad6f659b40cadcc8f423828, 4cfa4c37dcbcfd70866e856200ed8a2894cac578, c4b9edd55987384a1f201d3d07ff71e448d79c1b

Vendor Advisory: https://git.kernel.org/stable/c/3eaa22d688311c708b73f3c68bc6d0c8e3f0f77a

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. Check with your distribution for backported patches. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable SMB client usage

linux

Avoid using the kernel's SMB client functionality where possible

🧯 If You Can't Patch

  • Monitor systems for SMB-related errors or file access issues
  • Implement strict access controls and limit concurrent SMB operations

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if it includes the fix commits. Use: uname -r and compare with distribution's security advisories.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and includes the fix commits. Check distribution's security patch status.

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing SMB client errors
  • File access failures in applications using SMB

Network Indicators:

  • Unusual SMB protocol errors or retries

SIEM Query:

source="kernel" AND ("SMB" OR "cached_fid" OR "file access error")

📊 Metadata

CVE ID: CVE-2026-23230
CVSS v3 Score: N/A (Unknown)
Published: February 18, 2026
Last Updated: February 23, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON