In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix use-after-free by using callrcu() for oplockinfo
ksmbd currently frees oplockinfo immediately using kfree(), even though it is accessed under RCU read-side critical sections in places like opinfoget() and procshowfiles().
Since there is no RCU grace period delay between nullifying the pointer and freeing the memory, a reader can still access oplockinfo structure after it has been freed. This can leads to a use-after-free especially in opinfoget() where atomicincnot_zero() is called on already freed memory.
Fix this by switching to deferred freeing using call_rcu().
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43376.json",
"cna_assigner": "Linux"
}