SB2026011456 - Improper locking in Linux kernel smb server
Published: January 14, 2026
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2025-68786)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the check_lock_range() and ksmbd_vfs_truncate() functions in fs/smb/server/vfs.c.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/52fcbb92e0d3acfd1448b2a43b6595d540da5295
- https://git.kernel.org/stable/c/571204e4758a528fbd67330bd4b0dfbdafb33dd8
- https://git.kernel.org/stable/c/5d510ac31626ed157d2182149559430350cf2104
- https://git.kernel.org/stable/c/a6f4cfa3783804336491e0edcb250c25f9b59d33
- https://git.kernel.org/stable/c/da29cd197246c85c0473259f1cad897d9d28faea