CVE-2026-43376

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue exists in the ksmbd module. The system frees the oplock info structure immediately using kfree(), while it is still being accessed under RCU (Read-Copy-Update) read-side critical sections in functions such as opinfo get() and proc show files(). Because there is no RCU grace period delay between nullifying the pointer and freeing the memory, a reader may access the oplock info structure after it has been freed, specifically when atomic inc not zero() is called on freed memory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.