PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43362 Git CVE debrief

CVE-2026-43362 is a Linux kernel SMB client integrity issue that can corrupt file contents when an SMB2 write is retried after a replayable error. The supplied record says SMB2_write() stores payload data in rq_iov, smb3_init_transform_rq() pointer-shares that buffer, and crypt_message() encrypts iov[1] in place. If the client retries the request, it may resend ciphertext instead of the original plaintext. The problem is most likely to show up on unstable connections that trigger reconnects and write retries.

Vendor: Git
Product: Unknown
CVSS: HIGH 8.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-08
Original CVE updated: 2026-05-11
Advisory published: 2026-05-08
Advisory updated: 2026-05-11

Who should care

Linux administrators, storage and endpoint teams, and anyone using SMB/CIFS shares where write integrity matters, especially in environments with unreliable network links or frequent reconnects. Systems using affected SMB client paths should treat this as a high-priority integrity issue.

Technical summary

The bug is in the SMB client write path. SMB2_write() places the payload in rq_iov; smb3_init_transform_rq() shares that iov buffer rather than copying it, so encryption modifies the original write data in place. On a retryable failure, the same iov entry is reused and the client retransmits already-encrypted bytes, which the server then decrypts into garbage, producing silent corruption. The description says the issue affects SFU mknod, MF symlinks, and similar paths; it also says sync writes on kernels before 6.10, prior to the netfs conversion, were similarly affected, while the async path was not affected because rq_iter is deep-copied.
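To make the aliasing concrete, the following is an added simulation, not kernel code: the iov and request structs are simplified stand-ins, the per-byte keystream add stands in for crypt_message(), and the first send attempt is forced to fail with a replayable error. It shows the shared-buffer path re-encrypting already-encrypted bytes on retry, and the deep-copy path (the shape of the fix) producing a correct write.

```c
/* Added example: simulates in-place payload encryption on an SMB2-style
 * write retry. Nothing here is real SMB3 crypto or real kernel structures. */
#include <stdint.h>
#include <string.h>

#define PAYLOAD_LEN 16

struct iov { uint8_t *base; size_t len; };
struct req { struct iov iov[2]; };   /* iov[0] = header, iov[1] = payload */

/* Stand-in for crypt_message(): toy per-byte keystream add (constructed). */
static void toy_encrypt(uint8_t *buf, size_t len) {
    for (size_t i = 0; i < len; i++) buf[i] = (uint8_t)(buf[i] + 0x5A + i);
}
static void toy_decrypt(uint8_t *buf, size_t len) {
    for (size_t i = 0; i < len; i++) buf[i] = (uint8_t)(buf[i] - 0x5A - i);
}

/* Two send attempts: the first hits a simulated replayable error, the second
 * goes on the wire. share_buffer=1 mirrors the bug (encrypt the caller's iov
 * in place); share_buffer=0 encrypts a private copy, like the deep-copied
 * async path. wire_out receives the bytes of the successful attempt. */
static void send_with_retry(struct req *r, int share_buffer, uint8_t *wire_out) {
    uint8_t private_copy[PAYLOAD_LEN];
    for (int attempt = 0; attempt < 2; attempt++) {
        uint8_t *payload = r->iov[1].base;        /* vulnerable: aliases caller data */
        if (!share_buffer) {
            memcpy(private_copy, r->iov[1].base, PAYLOAD_LEN); /* fixed: fresh copy */
            payload = private_copy;
        }
        toy_encrypt(payload, PAYLOAD_LEN);
        if (attempt == 0) continue;               /* simulated replayable error */
        memcpy(wire_out, payload, PAYLOAD_LEN);
    }
}

/* Returns 1 if the server would store the original plaintext, 0 if the
 * retried write delivered corrupted data. */
int write_integrity_ok(int share_buffer) {
    const uint8_t plaintext[PAYLOAD_LEN] = "SMB2 payload!!!"; /* constructed */
    uint8_t caller_buf[PAYLOAD_LEN], wire[PAYLOAD_LEN];
    memcpy(caller_buf, plaintext, PAYLOAD_LEN);
    struct req r = { { { NULL, 0 }, { caller_buf, PAYLOAD_LEN } } };
    send_with_retry(&r, share_buffer, wire);
    toy_decrypt(wire, PAYLOAD_LEN);               /* server-side decrypt */
    return memcmp(wire, plaintext, PAYLOAD_LEN) == 0;
}
```

In the shared-buffer case the caller's own buffer is also left encrypted after the first attempt, which is why the corruption is silent: the client has no plaintext left to compare against.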

Defensive priority

High. The issue is network-reachable in the sense that SMB clients can trigger it during normal remote file operations, and the result is silent data corruption rather than a crash. The supplied CVSS vector is AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H.

Recommended defensive actions

  • Apply the kernel fix referenced by the stable commit links in the record.
  • Prioritize patching SMB/CIFS clients that write to remote shares, especially systems exposed to unstable links or frequent reconnects.
  • Validate that any deployed kernel branch includes the SMB client fix for in-place encryption corruption in SMB2_write().
  • Monitor for unexplained file corruption on SMB-mounted systems until remediation is complete.
  • If you maintain older kernels, review whether the pre-6.10 sync write path is present and covered by the fix.

Evidence notes

The supplied CVE description and NVD record both identify an SMB client write corruption bug in the Linux kernel. The record states that rq_iov pointer-sharing allows crypt_message() to encrypt the write payload in place, so a replayable retry can resend ciphertext and corrupt data. The NVD CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H, and the record includes five kernel stable commit references supporting the fix.

Official resources

Supplied CVE publication time: 2026-05-08T15:16:47.133Z. Supplied record modification time: 2026-05-11T08:16:11.150Z. Use the publication timestamp as the CVE timing context.