CVE-2026-43112

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An out-of-bounds read exists in the cifs sanitize prepath() function. This occurs when the function is called with an empty string or a string consisting solely of delimiters, such as "/". The logic attempts to access memory at *(cursor2 - 1) before the cursor2 variable has advanced, leading to a segmentation fault (SEGV).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.