Linux Kernel 6.6.136 LTS Released with SMB Security Fixes and OCFS2 Patches
The latest stable kernel update is out, and Greg Kroah-Hartman has packed it with enough security hardening to make a sysadmin sleep better at night. This release focuses heavily on file system integrity, networking stack validation, and virtualization stability. If you are running servers that handle untrusted SMB traffic or rely on OCFS2 for clustering, this update is mandatory reading before hitting reboot.
Linux Kernel 6.6.136 LTS Patches Filesystem and Networking Vulnerabilities
The ksmbd driver received a serious scrubbing in this release. The kernel team identified several out-of-bounds write vulnerabilities and memory leaks that could be triggered by malicious clients connecting to port 445. One patch fixes an off-by-one error in the max_connections check that was effectively blocking legitimate connections sooner than expected. Another addresses a u16 overflow when accumulating DACL sizes, which previously allowed pointer arithmetic to land inside already-written Access Control Entries. There is also a fix for a memory leak in the SPNEGO decode path that unauthenticated clients could exploit to slowly exhaust server memory. Running kernel-side SMB shares without this update leaves the door open for slow resource exhaustion and privilege escalation attempts.
OCFS2 and F2FS both received critical patches to prevent use-after-free conditions and out-of-bounds writes. The OCFS2 fixes address issues where corrupted filesystem images could trigger kernel panics during resize operations or inline data writes. One patch specifically validates the dinode signature before allowing group extension, stopping a BUG_ON crash that previously required a full reboot. F2FS gets a fix for a race condition in the compressed writeback path that could unblock an unmount operation prematurely, leading to slab cache destruction while a bio completion callback was still running. NTFS3 also sees validation added to journal-replay file record checks, bounding rec-used values to prevent massive memory copies into small buffers when replaying corrupted logs.
KVM gets a targeted fix for MMIO fragment handling that prevents use-after-free bugs when emulated writes split across page boundaries. The patch moves small write values into a dedicated scratch field instead of pointing directly at on-stack variables, which could be freed by the time userspace processes the second fragment. On the networking side, rxrpc receives validation checks for ticket lengths in non-XDR key preparsing paths to prevent WARN_ON splats from unprivileged users. There is also a fix for a TOCTOU race in packet socket mmap'd vnet_hdr handling that allowed concurrent userspace threads to bypass safety checks by modifying header fields between validation and use.
The usual parade of laptop audio quirks shows up, including fixes for the Lenovo Yoga Pro 7 bass speakers, Framework F111 systems with ALC285 codecs, and HP Pavilion mute LEDs. These are standard DMI table additions that just make hardware work out of the box without manual modprobe configuration. Media drivers get a thorough cleanup to prevent race conditions during device probe and release paths. The hackrf driver now properly defers memory freeing until the final file descriptor closes, stopping use-after-free crashes when userspace holds open handles during error paths. Similar fixes apply to the as102 and em28xx drivers, ensuring that device structures stay alive long enough for all pending I/O to complete safely.
Linux kernel 6.6.136 released
Linux kernel version 6.6.136 is now available:
Full source: https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.6.136.tar.xz
Patch: https://cdn.kernel.org/pub/linux/kernel/v6.x/patch-6.6.136.xz
PGP Signature: https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.6.136.tar.sign
You can view the summary of the changes at the following URL:
https://git.kernel.org/stable/ds/v6.6.136/v6.6.135
