What is CVE-2026-46139?

CVE-2026-46139 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 6.12.23 onward and patched in 6.12.88, 6.18.30, 7.0.7 and others. CVE-2026-46139 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-46139?

CVE-2026-46139 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2026-46139?

Yes, CVE-2026-46139 has been patched. Fixed versions include 6.12.88, 6.18.30, 7.0.7 and others. If you are running Linux kernel 6.12.23 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2026-46139 actively exploited?

CVE-2026-46139 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-46139

In the Linux kernel, the following vulnerability has been resolved: smb: client: use kzalloc to zero-initialize security descriptor buffer Commit 62e7dd0a39c2d ("smb: common: change the data type of num_aces to le16") split struct smb_acl's __le32 num_aces field into __le16 num_aces and __le16 reserved. The reserved field corresponds to Sbz2 in the MS-DTYP ACL wire format, which must be zero [1]. When building an ACL descriptor in build_sec_desc(), we are using a kmalloc()'ed descriptor buffer and writing the fields explicitly using le16() writes now. This never writes to the 2 byte reserved field, leaving it as uninitialized heap data. When the reserved field happens to contain non-zero slab garbage, Samba rejects the security descriptor with "ndr_pull_security_descriptor failed: Range Error", causing chmod to fail with EINVAL. Change kmalloc() to kzalloc() to ensure the entire buffer is zero-initialized. [1] https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/20233ed8-a6c6-4097-aafa-dd545ed24428

Package Linux Kernel

Published 2026-05-28

Last modified 2026-05-28

Patch available

Yes

Affected versions

Linux kernel versions 6.12.23, 6.13.11, 6.14 and later are affected. Fixed in 6.12.88, 6.18.30, 7.0.7, 7.1-rc3 and their respective stable series.

Affected from

≥ 6.12.23 ≥ 6.13.11 ≥ 6.14

Fixed in

✓ 6.12.88 6.12.x ✓ 6.18.30 6.18.x ✓ 7.0.7 7.0.x ✓ 7.1-rc3

References

The following references provide additional information about CVE-2026-46139 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/4c3ed344a970aad51388ac3b0145b98318f0e21f
Patch
Kernel patch commit
https://git.kernel.org/stable/c/5e489c6c47a2ac15edbaca153b9348e42c1eacab
Patch
Kernel patch commit
https://git.kernel.org/stable/c/941a1e6eb35440336913afc88a82103291956d5d
Patch

5 patch commits total View all on NVD

Frequently asked questions

What is CVE-2026-46139?

CVE-2026-46139 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 6.12.23 onward and has been patched in 6.12.88, 6.18.30, 7.0.7 and others. CVE-2026-46139 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2026-46139?

Yes — CVE-2026-46139 has been patched. Fixed versions include 6.12.88, 6.18.30, 7.0.7 and others. If you are running Linux kernel 6.12.23 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2026-46139 actively exploited?

No — CVE-2026-46139 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.