CRITICALCVE-2026-43379Published Modified CNA Linux
CVE-2026-43379: ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close()
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close() opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is being accessed after rcu_read_unlock() has been called. This creates a race condition where the memory could be freed by a concurrent writer between the unlock and the subsequent pointer dereferences (opinfo->is_lease, etc.), leading to a use-after-free.
Metrics
- CVSS v3.1
- 9.8
- Severity
- CRITICAL
- Fixed in
- 0
- Affected Products
- 2
Fix available
06.6.1306.12.786.18.196.19.97.0960699317d39f46611f4ebeb69edc567c1f4e6b6b3568347c51c46e2cabc356bc34676df98296619bf4d66d72e4a9e268c1012c331ce9eaedb5e2086dbbd328cf58261ca239756fe1c0d10c9518d3399eac3361e3d5dd8067b3258c69615888eb45e9f25
Affected packages
- Linux / Linux< bf4d66d72e4a9e268c1012c331ce9eaedb5e2086 (from 27b40b7bfcd121fe13a150ffe11957630cf49246) · < 960699317d39f46611f4ebeb69edc567c1f4e6b6 (from 5fb282ba4fef8985a5acf2b32681f2ec07732561) · < dbbd328cf58261ca239756fe1c0d10c9518d3399 (from 5fb282ba4fef8985a5acf2b32681f2ec07732561) · < b3568347c51c46e2cabc356bc34676df98296619 (from 5fb282ba4fef8985a5acf2b32681f2ec07732561) · < eac3361e3d5dd8067b3258c69615888eb45e9f25 (from 5fb282ba4fef8985a5acf2b32681f2ec07732561) · < 6.6.130 (from 6.6.32)
- Linux / Linux6.9Fixed in 0, 6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H