SB2026050922 - Improper control of a resource through its lifetime in Linux kernel smb client
Published: May 9, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Improper control of a resource through its lifetime (CVE-ID: CVE-2026-43362)
CWE-ID: CWE-664 - Improper control of a resource through its lifetime
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to corrupt data.
The vulnerability exists due to improper handling of in-place encryption in SMB2_write() when retrying write operations after replayable errors. A remote user can trigger write retries over an unstable SMB connection to corrupt data.
The issue is most likely to be observed when unstable connections cause reconnects and repeated write attempts.
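The bug class described above, as a user-space model added here for illustration (it is not kernel code and not taken from the referenced patches). The toy transform, `write_with_retry`, `send_to_server` and the sample record are hypothetical, and the model assumes a retry reuses a buffer that an earlier attempt already encrypted in place.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_IO 64
static uint8_t server_file[MAX_IO];   /* what the modelled server stored */

/* Toy transform standing in for SMB3 encryption (NOT a real cipher). */
static void toy_encrypt(uint8_t *b, size_t n, uint8_t key) {
    for (size_t i = 0; i < n; i++) b[i] = (uint8_t)(b[i] + key + i);
}
static void toy_decrypt(uint8_t *b, size_t n, uint8_t key) {
    for (size_t i = 0; i < n; i++) b[i] = (uint8_t)(b[i] - key - i);
}

/* Modelled transport: the first `drops` attempts fail with a replayable error. */
static int send_to_server(const uint8_t *wire, size_t n, uint8_t key, int attempt, int drops) {
    if (attempt < drops) return -1;
    memcpy(server_file, wire, n);
    toy_decrypt(server_file, n, key);  /* server decrypts exactly once */
    return 0;
}

/* in_place=1: every attempt encrypts the caller's buffer, so a retry
 * encrypts ciphertext. in_place=0: every attempt encrypts a fresh copy. */
static int write_with_retry(uint8_t *data, size_t n, uint8_t key, int drops, int in_place) {
    uint8_t copy[MAX_IO];
    for (int attempt = 0; attempt < 4; attempt++) {
        uint8_t *wire = data;
        if (!in_place) { memcpy(copy, data, n); wire = copy; }
        toy_encrypt(wire, n, key);
        if (send_to_server(wire, n, key, attempt, drops) == 0) return 0;
    }
    return -1;
}

/* Returns 1 if the server ends up holding the intended bytes, else 0. */
static int stored_intact(int in_place, int drops) {
    const char msg[] = "constructed sample record";   /* constructed input */
    uint8_t buf[MAX_IO];
    memcpy(buf, msg, sizeof msg);
    return write_with_retry(buf, sizeof msg, 0x5a, drops, in_place) == 0 &&
           memcmp(server_file, msg, sizeof msg) == 0;
}

int main(void) {
    printf("in-place, 0 drops: %d\n", stored_intact(1, 0));
    printf("in-place, 1 drop:  %d\n", stored_intact(1, 1));
    printf("copy,     1 drop:  %d\n", stored_intact(0, 1));
    return 0;
}
```

In the model the write reports success in every case; only comparing the stored bytes with the intended ones reveals the corruption after a retry.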
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/438e77435aee2894d5edf90be5c87004a57f6258
- https://git.kernel.org/stable/c/52327268224fb9ccc7ecfbbdfdfff54b6e93c518
- https://git.kernel.org/stable/c/92e64f1852f455f57d0850989e57c30d7fac7d95
- https://git.kernel.org/stable/c/aea5e37388a080361110ab5790f57ae0af383650
- https://git.kernel.org/stable/c/d78840a6a38d312dc1a51a65317bb67e46f0b929