Description
In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix locking usage for tcon fields

We used to use the cifs_tcp_ses_lock to protect a lot of objects
that are not just the server, ses or tcon lists. We later introduced
srv_lock, ses_lock and tc_lock to protect fields within the
corresponding structs. This was done to provide a more granular
protection and avoid unnecessary serialization.

There were still a couple of uses of cifs_tcp_ses_lock to provide
tcon fields. In this patch, I've replaced them with tc_lock.
Published: 2026-05-06
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw stems from the misuse of a broad lock in the CIFS subsystem of the Linux kernel. Earlier code protected many unrelated structures with a single global lock, later replaced by more granular locks, but some remaining uses still relied on the original lock for tcon fields. This mismatch allows concurrent access to sensitive tcon data without proper synchronization, creating a race condition that can corrupt CIFS state or cause kernel crashes. The weakness aligns with CWE-413, Incorrect Locking or Synchronization, and CWE-667, Race Condition.

Affected Systems

All Linux kernel releases that lack the commit referenced by the patch identifier 8c59eeeeffa1524ef57e173a89a1a3ff539888d5 or newer are vulnerable. The issue is inherent to the CIFS driver and affects any distribution that ships an older kernel, regardless of vendor.

Risk and Exploitability

Exploitation requires an attacker able to generate simultaneous SMB traffic against the target system, implying network-level access to the CIFS/SMB service. Because the fault occurs in kernel code, an exploit could lead to kernel corruption or service disruption. The CVSS score is 8.8, but the EPSS score is < 1%, indicating a very low but nonzero exploitation probability. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that the attack vector is remote over the network and that successful exploitation would demand elevated privileges within the kernel. The CVSS score of 8.8 indicates high severity, but the lack of known public exploits suggests a moderate to high risk pending discovery of an attack method.

Generated by OpenCVE AI on May 11, 2026 at 20:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes commit 8c59eeeeffa1524ef57e173a89a1a3ff539888d5, which replaces the incorrect lock usage with the proper tc_lock.
  • If an immediate kernel upgrade is not possible, apply any vendor‑supplied backport or patch that incorporates the CIFS tcon lock fix to the current kernel.
  • After applying a fix, restart CIFS or Samba services and monitor system logs for any CIFS‑related errors or crashes to confirm the race condition has been eliminated.

Generated by OpenCVE AI on May 11, 2026 at 20:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 19:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-667

Fri, 08 May 2026 13:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-413
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: cifs: Fix locking usage for tcon fields We used to use the cifs_tcp_ses_lock to protect a lot of objects that are not just the server, ses or tcon lists. We later introduced srv_lock, ses_lock and tc_lock to protect fields within the corresponding structs. This was done to provide a more granular protection and avoid unnecessary serialization. There were still a couple of uses of cifs_tcp_ses_lock to provide tcon fields. In this patch, I've replaced them with tc_lock.
Title cifs: Fix locking usage for tcon fields
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:20:13.815Z

Reserved: 2026-05-01T14:12:55.993Z

Link: CVE-2026-43215

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T12:16:41.063

Modified: 2026-05-11T19:44:10.940

Link: CVE-2026-43215

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43215 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T20:30:16Z

Weaknesses