CVE-2026-23228 – smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()

CVE ID : CVE-2026-23228

Published : Feb. 18, 2026, 4:22 p.m. | 37 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()

On kthread_run() failure in ksmbd_tcp_new_connection(), the transport is
freed via free_transport(), which does not decrement active_num_conn,
leaking this counter.

Replace free_transport() with ksmbd_tcp_disconnect().

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…