CVE-2026-43378

CRITICAL

Linux - Use-After-Free in SMB2 Open Function

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: smb: server: fix use-after-free in smb2_open() The opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is dereferenced after rcu_read_unlock(), creating a use-after-free window.

References (6)

Core 6

Core References

https://git.kernel.org/stable/c/e1b21e6066615e7d3d3a7aa2677e415e563fd7cc

https://git.kernel.org/stable/c/b720c84087cb547f23ce03eab93568c1769e4556

https://git.kernel.org/stable/c/54b48ae83de8bb06e65079d96368efe359d4909c

https://git.kernel.org/stable/c/8f5b1a7cb009a93c48e9e334a2f59a660f9afc07

https://git.kernel.org/stable/c/190e5f808e8058640b408ccfed25440b441a718a

https://git.kernel.org/stable/c/1e689a56173827669a35da7cb2a3c78ed5c53680

Scores

CVSS v3 9.8

EPSS 0.0003

EPSS Percentile 8.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (22)

Linux/Linux < 5.15

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 190e5f808e8058640b408ccfed25440b441a718a

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 1e689a56173827669a35da7cb2a3c78ed5c53680

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 54b48ae83de8bb06e65079d96368efe359d4909c

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 8f5b1a7cb009a93c48e9e334a2f59a660f9afc07

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - b720c84087cb547f23ce03eab93568c1769e4556

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - e1b21e6066615e7d3d3a7aa2677e415e563fd7cc

Linux/Linux 5.15

Linux/Linux 6.1.167 - 6.1.*

Linux/Linux 6.12.78 - 6.12.*

... and 12 more

Published May 08, 2026

Tracked Since May 08, 2026