SB20260515106 - Out-of-bounds read in Linux kernel smb server



SB20260515106 - Out-of-bounds read in Linux kernel smb server

Published: May 15, 2026

Security Bulletin ID SB20260515106
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Out-of-bounds read (CVE-ID: CVE-2026-43490)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to cause a denial of service.

The vulnerability exists due to an out-of-bounds read and out-of-bounds write in smb_inherit_dacl() when processing a parent directory DACL from the security descriptor xattr during ACE inheritance. A remote user can provide a malformed inheritable ACE with an invalid SID length to cause a denial of service.

The issue occurs because the ACE can advertise more SID subauthorities than are actually present, which can lead to reads past the ACE and incorrect inherited ACE size accounting.


Remediation

Install update from vendor's website.