SB20260515106 - Out-of-bounds read in Linux kernel smb server
Published: May 15, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2026-43490)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to cause a denial of service.
The vulnerability exists due to an out-of-bounds read and out-of-bounds write in smb_inherit_dacl() when processing a parent directory DACL from the security descriptor xattr during ACE inheritance. A remote user can provide a malformed inheritable ACE with an invalid SID length to cause a denial of service.
The issue occurs because the ACE can advertise more SID subauthorities than are actually present, which can lead to reads past the ACE and incorrect inherited ACE size accounting.
Remediation
Install update from vendor's website.