Description
In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close()

opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is being
accessed after rcu_read_unlock() has been called. This creates a
race condition where the memory could be freed by a concurrent
writer between the unlock and the subsequent pointer dereferences
(opinfo->is_lease, etc.), leading to a use-after-free.
Published: 2026-05-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A race condition in the Linux kernel SMB component (ksmbd) causes a use‑after‑free when a pointer obtained via rcu_dereference(fp->f_opinfo) is accessed after rcu_read_unlock() has been called. This can result in the kernel dereferencing freed memory and is likely to cause a kernel panic or other unstable behavior.
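
The access pattern described above, as an added example that is not part of this record or of the kernel patch: a single-threaded userspace model in C that forces the race window open and contrasts the flawed shape with one common remedy, pinning the object with a reference before leaving the read-side section. The struct layouts, the refcount field and every function name are assumptions made for illustration; this page does not show the actual fix.

```c
/* Single-threaded userspace model (constructed); not kernel code, not the ksmbd patch. */
#include <stdbool.h>
#include <stddef.h>
struct opinfo { int refcount; bool is_lease; bool freed; };  /* hypothetical model */
struct file   { struct opinfo *f_opinfo; };                  /* hypothetical model */
static int rcu_readers;                       /* models the read-side critical section */
static void model_rcu_read_lock(void)   { rcu_readers++; }
static void model_rcu_read_unlock(void) { rcu_readers--; }
/* Drop one reference; the object counts as reclaimed when the count reaches zero. */
static void opinfo_put(struct opinfo *op) { if (--op->refcount == 0) op->freed = true; }
/* Concurrent writer: unpublish the pointer, then drop the publisher's reference. */
static void writer_close(struct file *fp)
{
    struct opinfo *op = fp->f_opinfo;
    fp->f_opinfo = NULL;
    if (op) opinfo_put(op);
}

/* Flawed shape from the description; returns -1 where freed memory would be read. */
static int lease_check_flawed(struct file *fp)
{
    model_rcu_read_lock();
    struct opinfo *op = fp->f_opinfo;         /* rcu_dereference() in the kernel */
    model_rcu_read_unlock();
    writer_close(fp);                         /* the race window, forced open */
    if (!op) return 0;
    return op->freed ? -1 : op->is_lease;     /* model tests a flag instead of crashing */
}

/* Safe shape: pin the object before leaving the read-side section. */
static int lease_check_pinned(struct file *fp)
{
    model_rcu_read_lock();
    struct opinfo *op = fp->f_opinfo;
    if (op && op->refcount > 0) op->refcount++;   /* inc-not-zero; atomic in real code */
    else op = NULL;
    model_rcu_read_unlock();
    writer_close(fp);                         /* same race, but the object stays alive */
    if (!op) return 0;
    int lease = op->freed ? -1 : op->is_lease;
    opinfo_put(op);                           /* last reference: reclaimed only now */
    return lease;
}

int main(void) {
    struct opinfo a = {1, true, false}, b = a;
    struct file fa = {&a}, fb = {&b};
    return !(lease_check_flawed(&fa) == -1 && lease_check_pinned(&fb) == 1);
}
```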

Affected Systems

All Linux kernel builds that include the ksmbd SMB server are potentially affected. The CNA does not list a specific version range, so any kernel version that contains the unpatched ksmbd module could be vulnerable.

Risk and Exploitability

The CVSS score and EPSS are not available, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the race condition occurs in the ksmbd SMB server component and thus the attack vector is likely local or requires initiating SMB traffic to trigger the vulnerable code path. The defect can cause an invalid memory dereference inside the kernel, which typically results in a crash and a denial‑of‑service. No documented exploits provide arbitrary code execution or privilege escalation, so the impact remains limited to instability unless a future exploit is discovered.

Generated by OpenCVE AI on May 9, 2026 at 04:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a revision that includes the ksmbd use‑after‑free fix.
  • If a kernel update cannot be applied immediately, disable the ksmbd or SMB server to prevent the vulnerable code path from executing.
  • After applying the update or disabling the service, monitor kernel logs for crashes and perform a reboot to ensure the system runs the fixed kernel.


Advisories

No advisories yet.

History

Sat, 09 May 2026 03:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Sat, 09 May 2026 00:15:00 +0000


Fri, 08 May 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Fri, 08 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close() opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is being accessed after rcu_read_unlock() has been called. This creates a race condition where the memory could be freed by a concurrent writer between the unlock and the subsequent pointer dereferences (opinfo->is_lease, etc.), leading to a use-after-free.
Title ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-08T14:21:28.027Z

Reserved: 2026-05-01T14:12:56.006Z

Link: CVE-2026-43379

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T15:16:49.100

Modified: 2026-05-08T15:16:49.100

Link: CVE-2026-43379

Redhat

Severity :

Public Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43379 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-09T04:30:17Z

Weaknesses