{"id":"CVE-2026-23230","summary":"smb: client: split cached_fid bitfields to avoid shared-byte RMW races","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: split cached_fid bitfields to avoid shared-byte RMW races\n\nis_open, has_lease and on_list are stored in the same bitfield byte in\nstruct cached_fid but are updated in different code paths that may run\nconcurrently. Bitfield assignments generate byte read–modify–write\noperations (e.g. `orb $mask, addr` on x86_64), so updating one flag can\nrestore stale values of the others.\n\nA possible interleaving is:\n    CPU1: load old byte (has_lease=1, on_list=1)\n    CPU2: clear both flags (store 0)\n    CPU1: RMW store (old | IS_OPEN) -\u003e reintroduces cleared bits\n\nTo avoid this class of races, convert these flags to separate bool\nfields.","modified":"2026-04-28T18:29:36.082561311Z","published":"2026-02-18T14:53:34.078Z","related":["SUSE-SU-2026:20838-1","SUSE-SU-2026:20931-1","SUSE-SU-2026:21284-1","openSUSE-SU-2026:10387-1","openSUSE-SU-2026:20416-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23230.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3eaa22d688311c708b73f3c68bc6d0c8e3f0f77a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4386f6af8aaedd0c5ad6f659b40cadcc8f423828"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4cfa4c37dcbcfd70866e856200ed8a2894cac578"},{"type":"WEB","url":"https://git.kernel.org/stable/c/569fecc56bfe4df66f05734d67daef887746656b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c4b9edd55987384a1f201d3d07ff71e448d79c1b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ec306600d5ba7148c9dbf8f5a8f1f5c1a044a241"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23230.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23230"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ebe98f1447bbccf8228335c62d86af02a0ed23f7"},{"fixed":"569fecc56bfe4df66f05734d67daef887746656b"},{"fixed":"4386f6af8aaedd0c5ad6f659b40cadcc8f423828"},{"fixed":"3eaa22d688311c708b73f3c68bc6d0c8e3f0f77a"},{"fixed":"c4b9edd55987384a1f201d3d07ff71e448d79c1b"},{"fixed":"4cfa4c37dcbcfd70866e856200ed8a2894cac578"},{"fixed":"ec306600d5ba7148c9dbf8f5a8f1f5c1a044a241"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23230.json"}}],"schema_version":"1.7.5"}