CVE-2026-43112
fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath
Description
In the Linux kernel, the following vulnerability has been resolved:

fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath

When cifs_sanitize_prepath is called with an empty string or a string containing only delimiters (e.g., "/"), the current logic attempts to check *(cursor2 - 1) before cursor2 has advanced. This results in an out-of-bounds read.

This patch adds an early exit check after stripping prepended delimiters. If no path content remains, the function returns NULL.

The bug was identified via manual audit and verified using a standalone test case compiled with AddressSanitizer, which triggered a SEGV on affected inputs.
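The early-exit check described above, as an added userspace C model (not the kernel source and not the upstream patch). The names `sanitize_prepath_model` and `strips_to_empty`, the `IS_DELIM` definition, and the use of `malloc` in place of a kernel allocator are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Assumed delimiter set for this model: forward slash and backslash. */
#define IS_DELIM(c) ((c) == '/' || (c) == '\\')

/* 1 when nothing but delimiters (or nothing at all) precedes the NUL: the
 * inputs for which cursor2 never advances and *(cursor2 - 1) is out of bounds. */
int strips_to_empty(const char *prepath)
{
	while (IS_DELIM(*prepath))
		prepath++;
	return *prepath == '\0';
}

/* Hypothetical userspace model: returns a malloc'd sanitized copy (caller
 * frees), or NULL when no path content remains or allocation fails. */
char *sanitize_prepath_model(const char *prepath)
{
	size_t len = strlen(prepath);
	char *buf = malloc(len + 1), *cursor1, *cursor2;

	if (!buf)
		return NULL;
	memcpy(buf, prepath, len + 1);
	cursor1 = cursor2 = buf;

	while (IS_DELIM(*cursor1))	/* strip prepended delimiters */
		cursor1++;
	if (*cursor1 == '\0') {		/* early exit: no path content left */
		free(buf);
		return NULL;
	}
	*cursor2 = *cursor1;		/* copy the first character */
	while (*(cursor1++)) {		/* copy the rest, collapsing "//" runs */
		if (IS_DELIM(*cursor1) && IS_DELIM(*cursor2))
			continue;
		*(++cursor2) = *cursor1;
	}
	/* cursor2 > buf is guaranteed here, so cursor2 - 1 stays in bounds */
	if (IS_DELIM(*(cursor2 - 1)))
		cursor2--;
	*cursor2 = '\0';
	return buf;
}
```

Callers of a sanitizer shaped like this have to treat a NULL return as "no prefix path" rather than assume a string always comes back.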
INFO
Published Date: May 6, 2026, 10:16 a.m.
Last Modified: May 8, 2026, 7:43 p.m.
Remotely Exploitable: Yes
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| | CVSS 3.1 | HIGH | | | | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Solution
- Update the Linux kernel to a patched version.
- Apply the provided patch for fs/smb/client.
- Verify the fix using relevant test cases.
The following table lists the changes that have been made to the
CVE-2026-43112 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
Initial Analysis by [email protected]
May. 08, 2026

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CWE | | CWE-125 |
| Added | CPE Configuration | | OR<br>*cpe:2.3:o:linux:linux_kernel:5.16:-:*:*:*:*:*:*<br>*cpe:2.3:o:linux:linux_kernel:5.16:rc7:*:*:*:*:*:*<br>*cpe:2.3:o:linux:linux_kernel:5.16:rc6:*:*:*:*:*:*<br>*cpe:2.3:o:linux:linux_kernel:5.16:rc8:*:*:*:*:*:*<br>*cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*<br>*cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*<br>*cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*<br>*cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*<br>*cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*<br>*cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*<br>*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.13 up to (excluding) 6.18.24<br>*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.19 up to (excluding) 6.19.14<br>*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.83<br>*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16.1 up to (excluding) 6.6.136 |
| Added | Reference Type | | kernel.org: https://git.kernel.org/stable/c/2d29214448ec0f4e7e18bb1c14dd4a6c07f1c439 Types: Patch |
| Added | Reference Type | | kernel.org: https://git.kernel.org/stable/c/49b1ce6d7cfb6c5a49f68bf5ccfcfb6ba14e63c3 Types: Patch |
| Added | Reference Type | | kernel.org: https://git.kernel.org/stable/c/5d4fe469fe7dbff7d874c196bb680a82f2625d95 Types: Patch |
| Added | Reference Type | | kernel.org: https://git.kernel.org/stable/c/78ec5bf2f589ec7fd8f169394bfeca541b077317 Types: Patch |
| Added | Reference Type | | kernel.org: https://git.kernel.org/stable/c/86f9c23e0814cfdffda9eedf0c591c51ba209010 Types: Patch |
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
May. 08, 2026

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CVSS V3.1 | | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
May. 06, 2026

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | | In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath When cifs_sanitize_prepath is called with an empty string or a string containing only delimiters (e.g., "/"), the current logic attempts to check *(cursor2 - 1) before cursor2 has advanced. This results in an out-of-bounds read. This patch adds an early exit check after stripping prepended delimiters. If no path content remains, the function returns NULL. The bug was identified via manual audit and verified using a standalone test case compiled with AddressSanitizer, which triggered a SEGV on affected inputs. |
| Added | Reference | | https://git.kernel.org/stable/c/2d29214448ec0f4e7e18bb1c14dd4a6c07f1c439 |
| Added | Reference | | https://git.kernel.org/stable/c/49b1ce6d7cfb6c5a49f68bf5ccfcfb6ba14e63c3 |
| Added | Reference | | https://git.kernel.org/stable/c/5d4fe469fe7dbff7d874c196bb680a82f2625d95 |
| Added | Reference | | https://git.kernel.org/stable/c/78ec5bf2f589ec7fd8f169394bfeca541b077317 |
| Added | Reference | | https://git.kernel.org/stable/c/86f9c23e0814cfdffda9eedf0c591c51ba209010 |