QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-43378

Back to search

CVE-2026-43378

Published: May 8, 2026

Modified: May 20, 2026

PUBLISHED

CVSS v3.1

9.8

CRITICAL

Description

In the Linux kernel, the following vulnerability has been resolved: smb: server: fix use-after-free in smb2_open() The opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is dereferenced after rcu_read_unlock(), creating a use-after-free window.

VendorProductVersions

Linux

Linux

affected
e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 - < e1b21e6066615e7d3d3a7aa2677e415e563fd7cc
affected
e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 - < b720c84087cb547f23ce03eab93568c1769e4556
affected
e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 - < 54b48ae83de8bb06e65079d96368efe359d4909c
affected
e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 - < 8f5b1a7cb009a93c48e9e334a2f59a660f9afc07
affected
e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 - < 190e5f808e8058640b408ccfed25440b441a718a

+1 more versions

Linux

Linux

affected
5.15
unaffected
0 - < 5.15
unaffected
6.1.167 - <= 6.1.*
unaffected
6.6.130 - <= 6.6.*
unaffected
6.12.78 - <= 6.12.*

+3 more versions

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now