CVE-2026-23220

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths

The problem occurs when a signed request fails smb2 signature verification check. In __process_request(), if check_sign_req() returns an error, set_smb2_rsp_status(work, STATUS_ACCESS_DENIED) is called. set_smb2_rsp_status() sets work->next_smb2_rcv_hdr_off as zero. By resetting next_smb2_rcv_hdr_off to zero, the pointer to the next command in the chain is lost. Consequently, is_chained_smb2_message() continues to point to the same request header instead of advancing. If the header's NextCommand field is non-zero, the function returns true, causing __handle_ksmbd_work() to repeatedly process the same failed request in an infinite loop. This results in the kernel log being flooded with "bad smb2 signature" messages and high CPU usage.

This patch fixes the issue by changing the return value from SERVER_HANDLER_CONTINUE to SERVER_HANDLER_ABORT. This ensures that the processing loop terminates immediately rather than attempting to continue from an invalidated offset.
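The control flow described above can be reproduced in a small user-space model. This is an added example, not ksmbd source or code from the patch: the struct layouts, the header-indexed offsets, the advance logic in is_chained_smb2_message(), the iteration cap and the sample chains are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified user-space model of the loop described above; NOT ksmbd source.
 * Assumption: offsets count headers rather than bytes. */
enum { SERVER_HANDLER_CONTINUE, SERVER_HANDLER_ABORT };
struct hdr { uint32_t NextCommand; int sig_ok; };   /* constructed stand-in */
struct work { const struct hdr *chain; size_t next_smb2_rcv_hdr_off; };

/* Error path: setting the response status also zeroes the chain offset. */
static void set_smb2_rsp_status(struct work *w) { w->next_smb2_rcv_hdr_off = 0; }

/* on_sig_fail is the value returned after a failed signature check. */
static int process_request(struct work *w, int on_sig_fail)
{
    if (w->chain[w->next_smb2_rcv_hdr_off].sig_ok)
        return SERVER_HANDLER_CONTINUE;
    set_smb2_rsp_status(w);             /* STATUS_ACCESS_DENIED path */
    return on_sig_fail;
}

/* Assumed advance logic: step by NextCommand from the current offset. */
static int is_chained_smb2_message(struct work *w)
{
    uint32_t next = w->chain[w->next_smb2_rcv_hdr_off].NextCommand;
    w->next_smb2_rcv_hdr_off += next;
    return next != 0;
}

/* Returns how often a request was processed; cap ends the model where the
 * unfixed loop would never terminate. */
int handle_work(const struct hdr *chain, int on_sig_fail, int cap)
{
    struct work w = { chain, 0 };
    int runs = 0;
    do {
        runs++;
        if (process_request(&w, on_sig_fail) == SERVER_HANDLER_ABORT)
            break;
    } while (runs < cap && is_chained_smb2_message(&w));
    return runs;
}

/* Constructed chains: in bad_chain one command fails verification. */
const struct hdr bad_chain[]  = { {1, 1}, {1, 0}, {0, 1} };
const struct hdr good_chain[] = { {1, 1}, {1, 1}, {0, 1} };
```

With SERVER_HANDLER_CONTINUE as the failure return, handle_work(bad_chain, ...) only stops at the cap; with SERVER_HANDLER_ABORT it stops at the failed command, and a fully valid chain is processed once per command either way.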

Risk Information

Base Score: 5.5 (MODERATE)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 0.019

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234