Home/CVE/In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fix out-of-bounds read in cifs_sanit
CVE

CVE-2026-43112

In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fix out-of-bounds read in cifs_sanit

In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath When cifs_sanitize_prepath is called with an empty string or a string containing only delimiters (e.g., "/"), the current logic attempts to check *(cursor2 - 1) before cursor2 has advanced. This results in an out-of-bounds read. This patch adds an early exit check after stripping prepended delimiters.

If no path content remains, the function returns NULL. The bug was identified via manual audit and verified using a standalone test case compiled with AddressSanitizer, which triggered a SEGV on affected inputs.

HIGH · CVSS 8.8 EPSS 0.00051
Schedule remediation
  • CVSS base score ≥ 7.0
Sigma rules0 YARA rules0

Weakness Classification

CWE-125Out-of-bounds Read

Affected Products & Versions

5
linux kernel>= 5.16.1 and < 6.6.136
linux kernel>= 6.7 and < 6.12.83
linux kernel>= 6.13 and < 6.18.24
linux kernel>= 6.19 and < 6.19.14
linux kernelall versions

Scoring & Timeline

8.8
HIGH · CVSS v3.1 · 416baaa9-dc9f-4396-8d5f-8c081fb06d67
View on NVD
Attack Vector
Network Adjacent Local Physical
Attack Complexity
Low High
Privileges Required
None Low High
User Interaction
None Required
Scope
Unchanged Changed
Confidentiality
None Low High
Integrity
None Low High
Availability
None Low High
Published to NVD06 May 2026 · 10:16 AM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
🔗

References & Sources

5
Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.
https://git.kernel.org/stable/c/2d29214448ec0f4e7e18bb1c14dd4a6c07f1c439Patch
https://git.kernel.org/stable/c/49b1ce6d7cfb6c5a49f68bf5ccfcfb6ba14e63c3Patch
https://git.kernel.org/stable/c/5d4fe469fe7dbff7d874c196bb680a82f2625d95Patch
https://git.kernel.org/stable/c/78ec5bf2f589ec7fd8f169394bfeca541b077317Patch
https://git.kernel.org/stable/c/86f9c23e0814cfdffda9eedf0c591c51ba209010Patch
Intelligence Graph · click any node to traverse
CVETechnique ActorTool Family
drag to reposition · click any node to traverse · button top-right enlarges
External lookups - second-class, for what we don’t hold ourselves
NVDCVE.orgCISAVulnersExploit-DBGitHub PoCVulnCheck KEVGreyNoise
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin