Improper control of a resource through its lifetime in Linux kernel - CVE-2026-43362

 


Published: May 9, 2026


Vulnerability identifier: #VU130814
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-43362
CWE-ID: CWE-664
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a remote user to corrupt data.

The vulnerability exists due to improper handling of in-place encryption in SMB2_write() when retrying write operations after replayable errors. A remote user can trigger write retries over an unstable SMB connection to corrupt data.

The issue is most likely to be observed when unstable connections cause reconnects and repeated write attempts.


How to mitigate CVE-2026-43362

Install the security update from the vendor's repository.
