u32 + u32 = 0 is still a bug in 2026 — an SMB2 client integer overflow walkthrough
An unguarded u32+u32 in the Linux cifs client lets a malicious SMB2 server trick the kernel into reading ~4 GiB from the TCP socket, stalling the connection for 180 seconds. Walkthrough of the code, the wire trigger, a KASAN-instrumented reproducer in QEMU, and the upstream fix. Patch landed in v7.1 and was AUTOSEL'd to stable. With a working PoC repo.