CVE-2026-52944
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTL_SET_SPARSE FSCTL_SET_SPARSE in fsctl_set_sparse() modifies the file's sparse attribute and saves it through xattr without any permission checks. This exposes two issues: 1) A client on a read-only share can change the sparse attribute on files it opened, even though the share is read-only. Other FSCTL write operations already check test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE), but FSCTL_SET_SPARSE does not. 2) Even on writable shares, clients without FILE_WRITE_DATA or FILE_WRITE_ATTRIBUTES access should not modify the sparse attribute. Similar handle-level checks exist in other functions but are missing here. Add both share-level writable check and per-handle access check. Use goto out on error to avoid leaking file references.
Affected versions
Linux kernel versions
5.15
and later are affected. Fixed in
6.6.143,
6.18.35,
7.0.12,
7.1
and their respective stable series.
References
4 totalFrequently asked questions
-
What is CVE-2026-52944?
CVE-2026-52944 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.15 onward and has been patched in 6.6.143, 6.18.35, 7.0.12 and others. CVE-2026-52944 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
Is there a patch available for CVE-2026-52944?
Yes — CVE-2026-52944 has been patched. Fixed versions include 6.6.143, 6.18.35, 7.0.12 and others. If you are running Linux kernel 5.15 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2026-52944 actively exploited?
No — CVE-2026-52944 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.