Skip to main content

Linux Kernel EUVDEUVD-2026-27800

| CVE-2026-43239 HIGH
2026-05-06 Linux GHSA-5w3w-mcf7-v883
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 08, 2026 - 13:42 vuln.today
CVSS changed
May 08, 2026 - 13:22 NVD
8.8 (HIGH)
Patch available
May 06, 2026 - 13:32 EUVD
CVE Published
May 06, 2026 - 11:28 nvd
HIGH 8.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

smb: client: prevent races in ->query_interfaces()

It was possible for two query interface works to be concurrently trying to update the interfaces.

Prevent this by checking and updating iface_last_update under iface_lock.

AnalysisAI

Race condition in Linux kernel SMB client allows concurrent query interface work items to corrupt network interface state. Affects mainline Linux kernel and stable branches 6.6.x through 7.0. Exploitation requires user interaction (likely mounting/accessing SMB shares) but enables remote attackers to achieve high confidentiality, integrity, and availability impacts. Vendor patches available across multiple stable kernel branches (6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0). EPSS exploitation probability extremely low (0.02%, 5th percentile), no active exploitation confirmed, POC status unknown.

Technical ContextAI

This vulnerability affects the CIFS/SMB client subsystem in the Linux kernel, specifically the query_interfaces() function responsible for negotiating network interface capabilities with SMB servers. The flaw stems from improper synchronization of concurrent work queue items that update server interface information. The iface_last_update timestamp and interface list can be modified by multiple worker threads simultaneously without adequate locking protection. While the iface_lock mutex exists, it was not being held during the critical check-and-update operation, creating a classic time-of-check-time-of-use (TOCTOU) race condition. The CPE strings indicate this affects the entire Linux kernel codebase from initial commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 forward until patched versions. The fix involves holding iface_lock during both the check of iface_last_update and the subsequent update operation to ensure atomicity. No CWE classification was assigned by NVD, though this would typically map to CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization - Race Condition).

RemediationAI

Upgrade to patched Linux kernel versions: 6.6.128 or later for 6.6.x branch, 6.12.75+ for 6.12.x, 6.18.16+ for 6.18.x, 6.19.6+ for 6.19.x, or 7.0+ for mainline. Kernel patches available from https://git.kernel.org/stable/ with commit IDs 93e8e3ee165a, ab6564f416a6, 6287eefaf21e, 76cc4faba034, and c3c06e42e152 for various branches. Distribution-specific packages should be obtained through official channels (apt/yum/dnf update). For systems unable to immediately patch, temporary risk reduction can be achieved by restricting SMB client usage to trusted networks only through firewall rules blocking outbound ports 445/TCP and 139/TCP to untrusted destinations, though this significantly limits SMB functionality. Another mitigation is disabling automatic SMB interface negotiation by avoiding concurrent mount operations, but this is operationally impractical and does not eliminate the vulnerability. These workarounds provide minimal protection and should not replace patching. No significant side effects expected from kernel updates within the same stable branch series. Reboot required to activate patched kernel.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-27800 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy