CVE-2026-43185

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A signedness bug exists in the smb direct prepare negotiation() function. The function casts unsigned u32 values from sp->max recv size and req->preferred send size to signed integers before computing the minimum value. An attacker can provide a preferred send size of 0x80000000, which is interpreted as smaller than max recv size and used to set the maximum allowed receive size for the subsequent message. By sending a second message exceeding 1420 bytes, a heap buffer overflow can be achieved.

Fix

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-674

Related Identifiers

CVE-2026-43185

Affected Products

Linux

Linux-Allwinner-5.19

Linux-Aws

Linux-Aws-5.0

Linux-Aws-5.11

Linux-Aws-5.13

Linux-Aws-5.15

Linux-Aws-5.19

Linux-Aws-5.3

Linux-Aws-5.8

Linux-Aws-6.14

Linux-Aws-6.17

Linux-Aws-6.2

Linux-Aws-6.5

Linux-Aws-6.8

Linux-Aws-Fips

Linux-Azure

Linux-Azure-5.11

Linux-Azure-5.13

Linux-Azure-5.15

Linux-Azure-5.19

Linux-Azure-5.3

Linux-Azure-5.8

Linux-Azure-6.11

Linux-Azure-6.14

Linux-Azure-6.17

Linux-Azure-6.2

Linux-Azure-6.5

Linux-Azure-6.8

Linux-Azure-Edge

Linux-Azure-Fde

Linux-Azure-Fde-5.15

Linux-Azure-Fde-5.19

Linux-Azure-Fde-6.14

Linux-Azure-Fde-6.17

Linux-Azure-Fde-6.2

Linux-Azure-Fde-6.8

Linux-Azure-Fips

Linux-Azure-Nvidia

Linux-Azure-Nvidia-6.14

Linux-Bluefield

Linux-Fips

Linux-Gcp

Linux-Gcp-5.11

Linux-Gcp-5.13

Linux-Gcp-5.15

Linux-Gcp-5.19

Linux-Gcp-5.3

Linux-Gcp-5.8

Linux-Gcp-6.11

Linux-Gcp-6.14

Linux-Gcp-6.17

Linux-Gcp-6.2

Linux-Gcp-6.5

Linux-Gcp-6.8

Linux-Gcp-Fips

Linux-Gke

Linux-Gke-4.15

Linux-Gkeop-5.15

Linux-Gke-5.4

Linux-Gkeop

Linux-Hwe

Linux-Hwe-5.11

Linux-Hwe-5.13

Linux-Hwe-5.15

Linux-Hwe-5.19

Linux-Hwe-5.8

Linux-Hwe-6.11

Linux-Hwe-6.14

Linux-Hwe-6.17

Linux-Hwe-6.2

Linux-Hwe-6.5

Linux-Hwe-6.8

Linux-Hwe-Edge

Linux-Ibm

Linux-Ibm-5.15

Linux-Ibm-6.8

Linux-Intel-5.13

Linux-Intel-Iot-Realtime

Linux-Intel-Iotg

Linux-Intel-Iotg-5.15

Linux-Kvm

Linux-Lowlatency

Linux-Lowlatency-Hwe-5.15

Linux-Lowlatency-Hwe-5.19

Linux-Lowlatency-Hwe-6.11

Linux-Lowlatency-Hwe-6.2

Linux-Lowlatency-Hwe-6.5

Linux-Lowlatency-Hwe-6.8

Linux-Lts

Linux-Nvidia

Linux-Nvidia-6.11

Linux-Nvidia-6.17

Linux-Nvidia-6.2

Linux-Nvidia-6.5

Linux-Nvidia-6.8

Linux-Nvidia-Lowlatency

Linux-Nvidia-Tegra

Linux-Nvidia-Tegra-5.15

Linux-Nvidia-Tegra-Igx

Linux-Oem

Linux-Oem-5.10

Linux-Oem-5.13

Linux-Oem-5.14

Linux-Oem-5.17

Linux-Oem-5.6

Linux-Oem-6.0

Linux-Oem-6.1

Linux-Oem-6.11

Linux-Oem-6.14

Linux-Oem-6.17

Linux-Oem-6.5

Linux-Oem-6.8

Linux-Oracle

Linux-Oracle-5.0

Linux-Oracle-5.11

Linux-Oracle-5.13

Linux-Oracle-5.15

Linux-Oracle-5.3

Linux-Oracle-5.8

Linux-Oracle-6.14

Linux-Oracle-6.17

Linux-Oracle-6.5

Linux-Oracle-6.8

Linux-Raspi

Linux-Raspi-Realtime

Linux-Raspi2

Linux-Realtime

Linux-Realtime-6.14

Linux-Realtime-6.17

Linux-Realtime-6.8

Linux-Riscv

Linux-Riscv-5.11

Linux-Riscv-5.15

Linux-Riscv-5.19

Linux-Riscv-5.8

Linux-Riscv-6.14

Linux-Riscv-6.17

Linux-Riscv-6.5

Linux-Riscv-6.8

Linux-Starfive-5.19

Linux-Starfive-6.2

Linux-Starfive-6.5

Linux-Xilinx

Linux-Xilinx-Zynqmp

Linux Kernel

CVE-2026-43185

Weakness Enumeration

Related Identifiers

Affected Products

References · 16