Description
In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close()

opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is being
accessed after rcu_read_unlock() has been called. This creates a
race condition where the memory could be freed by a concurrent
writer between the unlock and the subsequent pointer dereferences
(opinfo->is_lease, etc.), leading to a use-after-free.
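The race described above, as an added userspace model that is not ksmbd source code and not the upstream patch: the structs, writer_close(), reader() and run() are constructed stand-ins, and the concurrent writer is invoked by hand at the exact point after the read-side section ends. It shows one standard RCU idiom for closing this window, pinning the object with a reference count before the unlock; the page does not say which approach the actual fix takes.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>

/* Constructed stand-ins; field names mirror the advisory, not ksmbd source. */
struct opinfo { atomic_int refcount; bool is_lease; };
struct file { struct opinfo *f_opinfo; };

static int frees; /* number of opinfo objects released so far */

static void opinfo_put(struct opinfo *op)
{
    if (atomic_fetch_sub(&op->refcount, 1) == 1) { free(op); frees++; }
}

/* Model of the concurrent writer: unpublish the pointer, drop its reference. */
static void writer_close(struct file *fp)
{
    struct opinfo *op = fp->f_opinfo;
    fp->f_opinfo = NULL;
    if (op) opinfo_put(op);
}

/* pin=false models the bug, pin=true the hardened pattern.
 * Returns is_lease (0/1), -1 if there is no opinfo, -2 if the object was
 * already freed at the point where the buggy code would dereference it. */
static int reader(struct file *fp, bool pin)
{
    /* rcu_read_lock() */
    struct opinfo *op = fp->f_opinfo;      /* rcu_dereference(fp->f_opinfo) */
    if (op && pin)                         /* kernel code would use an   */
        atomic_fetch_add(&op->refcount, 1);/* increment-if-not-zero here */
    /* rcu_read_unlock() */
    if (!op) return -1;
    int before = frees;
    writer_close(fp);                      /* writer wins the race window */
    if (frees != before) return -2;        /* op dangles: use-after-free */
    int v = op->is_lease;                  /* reached only when op is pinned */
    opinfo_put(op);                        /* drop the reader's reference */
    return v;
}

static int run(bool pin)
{
    struct opinfo *op = malloc(sizeof(*op));
    if (!op) abort();
    atomic_init(&op->refcount, 1);         /* reference held by the file */
    op->is_lease = true;
    struct file f = { .f_opinfo = op };
    return reader(&f, pin);
}
```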
Published: 2026-05-08
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A race condition in the ksmbd SMB server component of the Linux kernel allows a use-after-free: the opinfo pointer obtained under the RCU read lock is dereferenced after that lock has been released. This flaw can cause the kernel to read freed memory, potentially leading to a crash (kernel panic) or other instability. While it does not provide a known path to arbitrary code execution or privilege escalation, it can be leveraged to disrupt service availability.

Affected Systems

All Linux kernel releases that include the default ksmbd module without the recent patch are affected. The vulnerability is in the kernel's ksmbd implementation and applies to any distribution that ships this component in its standard kernel image. No specific version range was listed in the advisory; therefore any kernel with the unpatched ksmbd code is potentially vulnerable.

Risk and Exploitability

The CVSS score of 9.8 indicates very high severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. Based on the description, it is inferred that the race condition would be triggered by SMB traffic or local interaction with the ksmbd service. Exploitation would likely result in a kernel crash that causes a denial of service, but no documented exploit provides remote code execution or privilege escalation.

Generated by OpenCVE AI on May 19, 2026 at 21:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a revision that incorporates the ksmbd use‑after‑free fix (commit 9606993 or later).
  • If a kernel update cannot be performed immediately, disable the ksmbd SMB server or all SMB services to eliminate the vulnerable code path.
  • Reboot the system after applying the patch or disabling the service, and monitor kernel logs for any crash indications to confirm that the issue no longer occurs.

Advisories

No advisories yet.

History

Tue, 19 May 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*

Mon, 11 May 2026 07:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Sat, 09 May 2026 03:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Sat, 09 May 2026 00:15:00 +0000


Fri, 08 May 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Fri, 08 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close() opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is being accessed after rcu_read_unlock() has been called. This creates a race condition where the memory could be freed by a concurrent writer between the unlock and the subsequent pointer dereferences (opinfo->is_lease, etc.), leading to a use-after-free.
Title ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-23T16:06:53.273Z

Reserved: 2026-05-01T14:12:56.006Z

Link: CVE-2026-43379

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-08T15:16:49.100

Modified: 2026-05-19T19:56:32.510

Link: CVE-2026-43379

Redhat

Severity:

Public Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43379 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-19T21:30:14Z

Weaknesses