Critical severity9.8NVD Advisory· Published May 8, 2026· Updated May 12, 2026

CVE-2026-43379

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close()

opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is being accessed after rcu_read_unlock() has been called. This creates a race condition where the memory could be freed by a concurrent writer between the unlock and the subsequent pointer dereferences (opinfo->is_lease, etc.), leading to a use-after-free.

Affected products

Torvalds/Linuxinferred

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000