SB2026050922 - Improper control of a resource through its lifetime in Linux kernel smb client




Published: May 9, 2026

Security Bulletin ID: SB2026050922
CSH Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Improper control of a resource through its lifetime (CVE-ID: CVE-2026-43362)

CWE-ID: CWE-664 - Improper control of a resource through its lifetime

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to corrupt data.

The vulnerability exists due to improper handling of in-place encryption in SMB2_write() when retrying write operations after replayable errors. A remote user can trigger write retries over an unstable SMB connection to corrupt data.

The issue is most likely to be observed when unstable connections cause reconnects and repeated write attempts.
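
A simplified user-space model of the failure mode described above, added here as an illustration and not taken from the kernel source or the vendor's patch: a request buffer is encrypted in place, the first attempt hits a replayable error, and the retry encrypts the same buffer again. The XOR keystream, the per-attempt key and all function names are assumptions made for the sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint8_t stored[64];           /* what the toy server ends up holding */

/* Toy stand-in for SMB3 encryption: XOR with a keystream derived from key.
 * XOR is its own inverse, so the same call also decrypts. */
static void toy_crypt_in_place(uint8_t *buf, size_t len, uint8_t key)
{
    for (size_t i = 0; i < len; i++)
        buf[i] ^= (uint8_t)(key + i);
}

/* Hypothetical write path. Attempt 0 fails with a constructed replayable
 * error after encryption; attempt 1 reaches the server.
 * Returns 1 if the server stored the caller's plaintext, 0 if corrupted. */
static int write_with_retry(int copy_before_encrypt)
{
    const char *plain = "constructed sample payload";
    size_t len = strlen(plain);
    uint8_t req[64], wire[64];

    memcpy(req, plain, len);
    for (int attempt = 0; attempt < 2; attempt++) {
        uint8_t key = (uint8_t)(0x5a + attempt);  /* fresh key per attempt */
        uint8_t *out = req;                       /* weak: encrypt request itself */

        if (copy_before_encrypt) {                /* hardened: keep req as plaintext */
            memcpy(wire, req, len);
            out = wire;
        }
        toy_crypt_in_place(out, len, key);
        if (attempt == 0)
            continue;                             /* connection dropped, retry */
        memcpy(stored, out, len);                 /* server receives ... */
        toy_crypt_in_place(stored, len, key);     /* ... and decrypts */
    }
    return memcmp(stored, plain, len) == 0;
}

int main(void)
{
    printf("in-place retry intact: %d\n", write_with_retry(0));
    printf("copy-first retry intact: %d\n", write_with_retry(1));
    return 0;
}
```

In the in-place variant the server decrypts the second layer correctly and still stores the first attempt's ciphertext, so the write succeeds without any error while the file content is wrong.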


Remediation

Install the update from the vendor's website.