CVE-2026-43215 - Vulnerability Details

- cifs: Fix locking usage for tcon fields

Description

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix locking usage for tcon fields

We used to use the cifs_tcp_ses_lock to protect a lot of objects
that are not just the server, ses or tcon lists. We later introduced
srv_lock, ses_lock and tc_lock to protect fields within the
corresponding structs. This was done to provide a more granular
protection and avoid unnecessary serialization.

There were still a couple of uses of cifs_tcp_ses_lock to provide
tcon fields. In this patch, I've replaced them with tc_lock.

Published: 2026-05-06

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The flaw stems from the misuse of a broad lock in the CIFS subsystem of the Linux kernel. Earlier code protected many unrelated structures with a single global lock, later replaced by more granular locks, but some remaining uses still relied on the original lock for tcon fields. This mismatch allows concurrent access to sensitive tcon data without proper synchronization, creating a race condition that can corrupt CIFS state or cause kernel crashes. The weakness aligns with CWE-362, Race Condition.

Affected Systems

All Linux kernel releases that lack the commit referenced by the patch identifier 8c59eeeeffa1524ef57e173a89a1a3ff539888d5 or newer are vulnerable. The issue is inherent to the CIFS driver and affects any distribution that ships an older kernel, regardless of vendor.

Risk and Exploitability

Exploitation requires an attacker able to generate simultaneous SMB traffic against the target system, implying network-level access to the CIFS/SMB service. Because the fault occurs in kernel code, an exploit could lead to kernel corruption or service disruption. No public CVSS score or EPSS value is available, and the vulnerability is not listed in CISA's KEV catalog. Based on the description, it is inferred that the attack vector is remote over the network and that successful exploitation would demand elevated privileges within the kernel. The severity is high, but the lack of known public exploits suggests a moderate to high risk pending discovery of an attack method.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 953953abb66e52c224057ab91e404284fefeab62
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 601dd3b79769b38d30b693c40afdb2a4b7edf9d0
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 3969db6b22e3d90d8c5f22ac1a7fe0350a94c136
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 8c59eeeeffa1524ef57e173a89a1a3ff539888d5
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 96c4af418586ee9a6aab61738644366426e05316

Linux

affected

Version	Status	Constraints
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,953953abb66e52c224057ab91e404284fefeab62)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,601dd3b79769b38d30b693c40afdb2a4b7edf9d0)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,3969db6b22e3d90d8c5f22ac1a7fe0350a94c136)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,8c59eeeeffa1524ef57e173a89a1a3ff539888d5)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,96c4af418586ee9a6aab61738644366426e05316)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that includes commit 8c59eeeeffa1524ef57a173a89a1a3ff539888d5, which replaces the incorrect lock usage with the proper tc_lock.
If an immediate kernel upgrade is not possible, apply any vendor‑supplied backport or patch that incorporates the CIFS tcon lock fix to the current kernel.
After applying a fix, restart CIFS or Samba services and monitor system logs for any CIFS‑related errors or crashes to confirm the race condition has been eliminated.

Generated by OpenCVE AI on May 6, 2026 at 17:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/3969db6b22e3d90d8c5f22ac1a7fe0350a94c136
https://git.kernel.org/stable/c/601dd3b79769b38d30b693c40afdb2a4b7edf9d0
https://git.kernel.org/stable/c/8c59eeeeffa1524ef57e173a89a1a3ff539888d5
https://git.kernel.org/stable/c/953953abb66e52c224057ab91e404284fefeab62
https://git.kernel.org/stable/c/96c4af418586ee9a6aab61738644366426e05316

History

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: cifs: Fix locking usage for tcon fields We used to use the cifs_tcp_ses_lock to protect a lot of objects that are not just the server, ses or tcon lists. We later introduced srv_lock, ses_lock and tc_lock to protect fields within the corresponding structs. This was done to provide a more granular protection and avoid unnecessary serialization. There were still a couple of uses of cifs_tcp_ses_lock to provide tcon fields. In this patch, I've replaced them with tc_lock.
Title		cifs: Fix locking usage for tcon fields
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/3969db6b22e3d90d8c5f22ac1a7fe0350a94c136 https://git.kernel.org/stable/c/601dd3b79769b38d30b693c40afdb2a4b7edf9d0 https://git.kernel.org/stable/c/8c59eeeeffa1524ef57e173a89a1a3ff539888d5 https://git.kernel.org/stable/c/953953abb66e52c224057ab91e404284fefeab62 https://git.kernel.org/stable/c/96c4af418586ee9a6aab61738644366426e05316

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:28:17.425Z

Updated: 2026-05-06T11:28:17.425Z

Reserved: 2026-05-01T14:12:55.993Z

Link: CVE-2026-43215

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:41.063

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43215

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T18:15:09Z

Weaknesses

No weakness.

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object