CVE-2026-43112
Out-of-Bounds Read in Linux Kernel SMB Client
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's SMB client code, specifically in the function cifs_sanitize_prepath. When this function is called with an empty string or a string containing only delimiters such as "/", it attempts to read memory before the start of the string, causing an out-of-bounds read.
The issue arises because the code checks the character before the current cursor position without ensuring the cursor has advanced, leading to invalid memory access.
The fix involves adding an early exit after removing leading delimiters; if no valid path content remains, the function returns NULL to prevent the out-of-bounds read.
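The early exit described above, shown in a userspace model. This is an added example, not the kernel's code: the name `sanitize_prepath_model`, the delimiter set, and the duplicate-collapsing and trailing-delimiter steps are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed delimiter set for this model: '/' and '\\'. */
static int is_delim(char c) { return c == '/' || c == '\\'; }

/* Hypothetical userspace model: normalizes `path` in place and returns a
 * heap copy, or NULL when the input holds no path content at all. */
char *sanitize_prepath_model(char *path)
{
    char *src = path, *dst = path;
    size_t n;
    char *out;

    while (is_delim(*src))          /* remove leading delimiters */
        src++;

    /* Early exit: for "" or "/" the write cursor `dst` has not advanced,
     * so the trailing-delimiter check below would read dst[-1], one byte
     * before the start of the buffer. */
    if (*src == '\0')
        return NULL;

    while (*src) {                  /* copy, collapsing delimiter runs */
        if (is_delim(*src) && dst > path && is_delim(dst[-1])) {
            src++;
            continue;
        }
        *dst++ = *src++;
    }

    if (is_delim(dst[-1]))          /* safe: at least one byte was copied */
        dst--;
    *dst = '\0';

    n = (size_t)(dst - path) + 1;
    out = malloc(n);
    if (out)
        memcpy(out, path, n);
    return out;
}

int main(void)
{
    char a[] = "", b[] = "/", c[] = "//share//dir/"; /* constructed inputs */
    char *r = sanitize_prepath_model(c);
    printf("%d %d %s\n", sanitize_prepath_model(a) == NULL,
           sanitize_prepath_model(b) == NULL, r ? r : "NULL");
    free(r);
    return 0;
}
```

Building the model with `-fsanitize=address` and commenting out the early exit reproduces the kind of standalone check the page mentions.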
How can this vulnerability impact me?
This vulnerability can cause the Linux kernel to perform an out-of-bounds read, which may lead to a segmentation fault (SEGV) and crash the affected system or process.
Such crashes can result in denial of service conditions, potentially disrupting normal operations that rely on SMB client functionality.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability was identified via manual audit and verified using a standalone test case compiled with AddressSanitizer, which triggered a segmentation fault (SEGV) on affected inputs.
There are no specific commands or network detection methods provided to detect this vulnerability on your system or network.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been resolved by a patch that adds an early exit check in the cifs_sanitize_prepath function to prevent out-of-bounds reads.
Immediate mitigation steps would include updating the Linux kernel to a version that includes this patch.