PatchSiren cyber security CVE debrief
CVE-2026-43376 Git CVE debrief
CVE-2026-43376 is a critical Linux kernel vulnerability in ksmbd where oplock_info could be freed immediately with kfree() even though it is still accessed in RCU read-side sections. That creates a use-after-free risk, including in opinfo_get() and proc_show_files(). The published fix switches to deferred reclamation with call_rcu(), allowing a grace period before memory is released. This CVE was published on 2026-05-08 and updated on 2026-05-11.
- Vendor: Git
- Product: Unknown
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-08
- Original CVE updated: 2026-05-11
- Advisory published: 2026-05-08
- Advisory updated: 2026-05-11
Who should care
Linux kernel maintainers, distribution security teams, and operators running ksmbd-enabled systems should treat this as high priority. Any environment exposing SMB services through ksmbd should review patch status and release notes promptly.
Technical summary
The issue is a lifetime-management bug in ksmbd’s oplock_info handling. The code path nullifies the pointer and frees memory immediately, but readers in RCU critical sections may still dereference the object after the free. The CVE description specifically calls out opinfo_get(), where atomic_inc_not_zero() may run against already freed memory. The fix is to replace immediate kfree() with call_rcu() so the object is released only after an RCU grace period.
Defensive priority
Critical. The CVSS vector provided by the source is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8), which indicates a remotely reachable, low-complexity issue with severe confidentiality, integrity, and availability impact potential.
Recommended defensive actions
- Verify whether your kernel build includes the ksmbd fix that switches oplock_info cleanup to call_rcu().
- Prioritize patching or upgrading any systems that expose ksmbd-based SMB service.
- Check vendor advisories and downstream kernel packaging notes for backported fixes.
- If immediate patching is not possible, reduce exposure of ksmbd services to trusted networks only and monitor for abnormal SMB-related kernel behavior.
- Track the official CVE and NVD records for any updated affected-version guidance or downstream remediation details.
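An added example, not part of the CVE record or the kernel project's code: a POSIX shell triage supporting the first two actions above, reporting whether ksmbd code is live, loadable, or not built on a host. It assumes CONFIG_SMB_SERVER is the Kconfig symbol that builds ksmbd and that the running kernel's config sits at /boot/config-$(uname -r); the function names and verdict words are hypothetical, and the script does not detect the fix itself.

```shell
#!/bin/sh
# Added example: scope ksmbd exposure from a kernel config file and a
# /proc/modules-format file. Function names and verdicts are illustrative.

# ksmbd_build_state CONFIG_FILE -> builtin | module | absent | unknown
ksmbd_build_state() {
    [ -r "$1" ] || { echo unknown; return 0; }   # no config: do not guess
    case "$(grep '^CONFIG_SMB_SERVER=' "$1" | tail -n 1)" in
        CONFIG_SMB_SERVER=y) echo builtin ;;
        CONFIG_SMB_SERVER=m) echo module ;;
        *) echo absent ;;                        # "# ... is not set" or missing
    esac
}

# ksmbd_loaded MODULES_FILE -> exit status 0 if a ksmbd module line is present
ksmbd_loaded() {
    awk '$1 == "ksmbd" { found = 1 } END { exit !found }' "$1"
}

# ksmbd_triage CONFIG_FILE MODULES_FILE -> live | loadable | not-built | unknown
ksmbd_triage() {
    state=$(ksmbd_build_state "$1")
    if [ "$state" = builtin ] || ksmbd_loaded "$2"; then
        echo live          # ksmbd code is running: patch or restrict first
    elif [ "$state" = module ]; then
        echo loadable      # shipped but idle: keep it unloaded until patched
    elif [ "$state" = absent ]; then
        echo not-built     # this kernel was built without ksmbd
    else
        echo unknown       # config unreadable and module not loaded
    fi
}

# Run against the current host only when asked to.
if [ "${1:-}" = "--live" ]; then
    ksmbd_triage "/boot/config-$(uname -r)" /proc/modules
fi
```

A "live" or "loadable" verdict only scopes the host; whether the installed kernel carries the call_rcu() change still has to be confirmed from the vendor's advisory or package changelog.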
Evidence notes
All statements above are derived from the provided CVE description, its CVSS vector, the published and modified timestamps, and the NVD-listed kernel.org stable commit references. No affected-version range was asserted because it was not present in the supplied corpus. No exploitability claims beyond the CVSS vector and CVE text were added.
Official resources
- CVE-2026-43376 CVE record (CVE.org)
- CVE-2026-43376 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
Publicly disclosed on 2026-05-08 and updated on 2026-05-11. Timing context in this debrief uses the CVE published and modified timestamps supplied in the source corpus.