CVE-2026-43379 PUBLISHED

ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close()

Assigner: Linux
Reserved: 01.05.2026 Published: 08.05.2026 Updated: 08.05.2026

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close()

opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is being accessed after rcu_read_unlock() has been called. This creates a race condition where the memory could be freed by a concurrent writer between the unlock and the subsequent pointer dereferences (opinfo->is_lease, etc.), leading to a use-after-free.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 27b40b7bfcd121fe13a150ffe11957630cf49246 to bf4d66d72e4a9e268c1012c331ce9eaedb5e2086 (excl.)
  • affected from 5fb282ba4fef8985a5acf2b32681f2ec07732561 to 960699317d39f46611f4ebeb69edc567c1f4e6b6 (excl.)
  • affected from 5fb282ba4fef8985a5acf2b32681f2ec07732561 to dbbd328cf58261ca239756fe1c0d10c9518d3399 (excl.)
  • affected from 5fb282ba4fef8985a5acf2b32681f2ec07732561 to b3568347c51c46e2cabc356bc34676df98296619 (excl.)
  • affected from 5fb282ba4fef8985a5acf2b32681f2ec07732561 to eac3361e3d5dd8067b3258c69615888eb45e9f25 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 6.9 is affected
  • unaffected from 0 to 6.9 (excl.)
  • unaffected from 6.6.130 to 6.6.* (incl.)
  • unaffected from 6.12.78 to 6.12.* (incl.)
  • unaffected from 6.18.19 to 6.18.* (incl.)
  • unaffected from 6.19.9 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References