CVE-2026-43379 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: May 11, 2026
Linux kernel - Use After Free
Published: May 8, 2026 | Updated: May 11, 2026 | Remote Exploitable
Overview
The Linux kernel contains a use-after-free vulnerability in ksmbd: smb_lazy_parent_lease_break_close() accesses the opinfo pointer after rcu_read_unlock(), which lets attackers cause memory corruption or a system crash. Exploitation requires concurrent access.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can cause memory corruption or system crash, potentially leading to denial of service or code execution.
Mitigation
Update to the latest Linux kernel version with the fix applied.
References
- https://git.kernel.org/stable/c/eac3361e3d5dd8067b3258c69615888eb45e9f25
- https://git.kernel.org/stable/c/960699317d39f46611f4ebeb69edc567c1f4e6b6
- https://git.kernel.org/stable/c/b3568347c51c46e2cabc356bc34676df98296619
- https://git.kernel.org/stable/c/bf4d66d72e4a9e268c1012c331ce9eaedb5e2086
- https://git.kernel.org/stable/c/dbbd328cf58261ca239756fe1c0d10c9518d3399
Details
- CVE ID: CVE-2026-43379
- Severity: Critical
- CVSS Score: 9.8
- Type: use_after_free
- Status: new
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H