CVE-2026-43215
Race Condition in Linux Kernel CIFS Module
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel relates to improper locking usage in the CIFS (Common Internet File System) component, specifically for tcon (tree connection) fields.
Originally, a single lock called cifs_tcp_ses_lock was used to protect multiple objects, including server, session (ses), and tree connection (tcon) lists. Later, more granular locks (srv_lock, ses_lock, and tc_lock) were introduced to protect specific fields within their respective structures to avoid unnecessary serialization.
However, some uses of the old cifs_tcp_ses_lock remained for protecting tcon fields, which was incorrect. The vulnerability was fixed by replacing these remaining uses with the appropriate tc_lock, ensuring proper and granular locking.
How can this vulnerability impact me? :
Improper locking in kernel components like CIFS can lead to race conditions, data corruption, or system instability.
Because the vulnerability involved incorrect locking for tcon fields, it could potentially cause concurrency issues affecting file system operations over CIFS, possibly leading to crashes or data integrity problems.
Fixing the locking ensures more reliable and stable operation of CIFS in the Linux kernel.