CVE-2026-43112
Published: May 6, 2026
Modified: Jun 1, 2026
CVSS v3.1
8.8
Description
In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath When cifs_sanitize_prepath is called with an empty string or a string containing only delimiters (e.g., "/"), the current logic attempts to check *(cursor2 - 1) before cursor2 has advanced. This results in an out-of-bounds read. This patch adds an early exit check after stripping prepended delimiters. If no path content remains, the function returns NULL. The bug was identified via manual audit and verified using a standalone test case compiled with AddressSanitizer, which triggered a SEGV on affected inputs.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected c63433a09d6ae4c226fcbc66da4c58fc189fd746 - < a2ba20c17de8eb028f96b1d85f119d3d25655bd9affected a31080899d5fdafcccf7f39dd214a814a2c82626 - < fbced33599653471b4581dfe1abc7b467031f126affected a31080899d5fdafcccf7f39dd214a814a2c82626 - < 5d4fe469fe7dbff7d874c196bb680a82f2625d95affected a31080899d5fdafcccf7f39dd214a814a2c82626 - < 2d29214448ec0f4e7e18bb1c14dd4a6c07f1c439affected a31080899d5fdafcccf7f39dd214a814a2c82626 - < 86f9c23e0814cfdffda9eedf0c591c51ba209010+3 more versions |
Linux | Linux | affected 5.16unaffected 0 - < 5.16unaffected 5.15.209 - <= 5.15.*unaffected 6.1.175 - <= 6.1.*unaffected 6.6.136 - <= 6.6.*+4 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now