In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix use-after-free by using call_rcu() for oplock_info

ksmbd currently frees oplock_info immediately using kfree(), even
though it is accessed under RCU read-side critical sections in places
like opinfo_get() and proc_show_files().

Since there is no RCU grace period delay between nullifying the pointer
and freeing the memory, a reader can still access oplock_info
structure after it has been freed. This can leads to a use-after-free
especially in opinfo_get() where atomic_inc_not_zero() is called on
already freed memory.

Fix this by switching to deferred freeing using call_rcu().

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
296cb5457cc6f4a754c4ae29855f8a253d52bcc6 affected < 302fef75512b2c8329a3f5efab1ae7ba2562387a
d54ab1520d43e95f9b2e22d7a05fc9614192e5a5 affected < 08aa9f3c8cf4d0bee44df540dfe34e8d64069f2c
18b4fac5ef17f77fed9417d22210ceafd6525fc7 affected < 1d6abf145615dbfe267ce3b0a271f95e3780e18e
18b4fac5ef17f77fed9417d22210ceafd6525fc7 affected < ce8507ee82c888126d8e7565e27c016308d24cde
18b4fac5ef17f77fed9417d22210ceafd6525fc7 affected < 1dfd062caa165ec9d7ee0823087930f3ab8a6294
d73686367ad68534257cd88a36ca3c52cb8b81d8 affected
Linux Linux affected
Version Status Constraints
6.15 affected
0 unaffected < 6.15
6.6.130 unaffected ≤ 6.6.*
6.12.78 unaffected ≤ 6.12.*
6.18.19 unaffected ≤ 6.18.*
6.19.9 unaffected ≤ 6.19.*
7.0 unaffected ≤ *

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

No data.

Project Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/08aa9f3c8cf4d0bee44df540dfe34e8d64069f2c cve-icon cve-icon
https://git.kernel.org/stable/c/1d6abf145615dbfe267ce3b0a271f95e3780e18e cve-icon cve-icon
https://git.kernel.org/stable/c/1dfd062caa165ec9d7ee0823087930f3ab8a6294 cve-icon cve-icon
https://git.kernel.org/stable/c/302fef75512b2c8329a3f5efab1ae7ba2562387a cve-icon cve-icon
https://git.kernel.org/stable/c/ce8507ee82c888126d8e7565e27c016308d24cde cve-icon cve-icon
History

Fri, 08 May 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Fri, 08 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free by using call_rcu() for oplock_info ksmbd currently frees oplock_info immediately using kfree(), even though it is accessed under RCU read-side critical sections in places like opinfo_get() and proc_show_files(). Since there is no RCU grace period delay between nullifying the pointer and freeing the memory, a reader can still access oplock_info structure after it has been freed. This can leads to a use-after-free especially in opinfo_get() where atomic_inc_not_zero() is called on already freed memory. Fix this by switching to deferred freeing using call_rcu().
Title ksmbd: fix use-after-free by using call_rcu() for oplock_info
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-08T14:21:25.854Z

Reserved: 2026-05-01T14:12:56.006Z

Link: CVE-2026-43376

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-08T15:16:48.760

Modified: 2026-05-08T15:16:48.760

Link: CVE-2026-43376

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-08T16:15:12Z

Weaknesses