PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43378 Linux CVE debrief

CVE-2026-43378 is a critical Linux kernel vulnerability in the SMB server path. The kernel fix description says smb2_open() can dereference an opinfo pointer obtained via rcu_dereference(fp->f_opinfo) after rcu_read_unlock(), creating a use-after-free window. NVD rates the issue CVSS 9.8 with network attack vector and no privileges or user interaction required, so affected systems exposed through SMB should be prioritized for patching.

Vendor
Linux
Product
Unknown
CVSS
CRITICAL 9.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-08
Original CVE updated
2026-05-20
Advisory published
2026-05-08
Advisory updated
2026-05-20

Who should care

Linux administrators, distro maintainers, cloud and appliance operators, and security teams managing systems that expose or rely on the Linux kernel SMB server path, especially where remote network access to SMB is possible.

Technical summary

The issue is a use-after-free in the Linux kernel smb:server code path, specifically smb2_open(). According to the provided source description, an opinfo pointer read with rcu_dereference(fp->f_opinfo) is used after rcu_read_unlock(), leaving a dangling-reference window. NVD maps the weakness to CWE-416 and lists affected kernel branches as 5.15 before 6.1.167, 6.2 before 6.6.130, 6.7 before 6.12.78, 6.13 before 6.18.19, 6.19 before 6.19.9, and 7.0-rc1 through 7.0-rc3.

Defensive priority

Critical. This is a remotely reachable kernel memory-safety issue with CVSS 9.8 and potential confidentiality, integrity, and availability impact. Patch as soon as practical on any system that uses the affected kernel versions and SMB server functionality.

Recommended defensive actions

  • Confirm whether the running kernel falls within the affected version ranges listed by NVD.
  • Prioritize installation of the relevant kernel stable fixes referenced by the official git.kernel.org patch links.
  • Restart systems only after the patched kernel is fully installed and validated, since kernel fixes require the updated image to be running.
  • Reduce exposure of SMB services where possible until remediation is complete.
  • Track downstream distro advisories for backported fixes if you use vendor kernels rather than mainline version numbers.

Evidence notes

All claims are limited to the provided CVE description and NVD metadata. The vulnerability description states the UAF window in smb2_open(); NVD provides the CWE-416 mapping, CVSS 3.1 vector, and affected kernel version ranges. No patch diff content was inspected from the linked kernel references, so this debrief does not assert implementation details beyond the supplied source text.

Official resources

CVE-2026-43378 was publicly disclosed on 2026-05-08. NVD last modified the record on 2026-05-20.