Security Vulnerability Report
CVE-2026-43239 CVSS 8.8 HIGH

CVE-2026-43239

Published: 2026-05-06 12:16:44
Last Modified: 2026-05-12 18:53:29
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Description

In the Linux kernel, the following vulnerability has been resolved:

smb: client: prevent races in ->query_interfaces()

It was possible for two query interface works to be concurrently trying to update the interfaces.

Prevent this by checking and updating iface_last_update under iface_lock.

CVSS Details

CVSS Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (from 5.19.1, before 6.6.128) - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (from 6.7, before 6.12.75) - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (from 6.13, before 6.18.16) - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (from 6.19, before 6.19.6) - VULNERABLE
cpe:2.3:o:linux:linux_kernel:5.19:-:*:*:*:*:*:* - VULNERABLE
Linux Kernel (for the specific affected versions, see the official Git patch links)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
c
/*
 * PoC Concept: Race Condition in SMB Client Interface Update
 * This code simulates the vulnerable logic where two threads
 * update the shared interface state without proper locking.
 */
#include <stdio.h>
#include <pthread.h>
#include <time.h>   /* time() */
#include <unistd.h>

// Simulating the vulnerable kernel structure
struct iface_info {
    long long last_update;
    int data;
};

struct iface_info global_iface = {0, 0};

// Simulate the vulnerable ->query_interfaces() work function
void* malicious_query_work(void* arg) {
    printf("[Thread %ld] Starting query work...\n", (long)arg);

    // Vulnerable check: Read last_update without lock
    long long current_time = time(NULL);
    if (global_iface.last_update < current_time) {
        // Simulate processing delay to widen the race window
        usleep(1000);

        // Vulnerable update: Write to shared resource without lock
        // Two threads may do this simultaneously based on the same check
        global_iface.last_update = current_time;
        global_iface.data++;
        printf("[Thread %ld] Updated interface data to: %d\n", (long)arg, global_iface.data);
    }
    return NULL;
}

int main(void) {
    pthread_t t1, t2;

    printf("Starting PoC to trigger race condition...\n");

    // Create two threads to simulate concurrent query works
    pthread_create(&t1, NULL, malicious_query_work, (void*)1);
    pthread_create(&t2, NULL, malicious_query_work, (void*)2);

    pthread_join(t1, NULL);
    pthread_join(t2, NULL);

    printf("Final interface data: %d (Inconsistent state possible)\n", global_iface.data);
    return 0;
}
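
The fix pattern the description names (check and update iface_last_update under iface_lock), shown as an added user-space example; it is not the kernel patch and not part of the original page. Only `iface_lock` and `iface_last_update` are names from the description; `claim_refresh`, `run_workers`, `refresh_count` and the 600-second interval are hypothetical.

```c
#include <pthread.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical user-space stand-in for the shared interface state. */
struct iface_state {
    pthread_mutex_t iface_lock;   /* name from the CVE description */
    time_t iface_last_update;     /* name from the CVE description */
    int refresh_count;            /* refreshes actually performed */
};

static struct iface_state state = { PTHREAD_MUTEX_INITIALIZER, 0, 0 };

/* Check and timestamp update form one critical section, so exactly one
 * caller per interval gets 1; every concurrent caller gets 0. */
static int claim_refresh(struct iface_state *s, time_t now, time_t min_interval)
{
    int claimed = 0;
    pthread_mutex_lock(&s->iface_lock);
    if (now - s->iface_last_update >= min_interval) {
        s->iface_last_update = now;   /* claim before doing the slow work */
        claimed = 1;
    }
    pthread_mutex_unlock(&s->iface_lock);
    return claimed;
}

static void *query_work(void *arg)
{
    struct iface_state *s = arg;
    if (claim_refresh(s, time(NULL), 600)) {   /* 600 s: assumed interval */
        pthread_mutex_lock(&s->iface_lock);
        s->refresh_count++;                    /* stands in for the refresh */
        pthread_mutex_unlock(&s->iface_lock);
    }
    return NULL;
}

/* Starts up to 16 concurrent workers; returns how many refreshed. */
int run_workers(int n)
{
    pthread_t tid[16];
    int started = 0;
    state.iface_last_update = 0;
    state.refresh_count = 0;
    for (int i = 0; i < n && i < 16; i++)
        if (pthread_create(&tid[started], NULL, query_work, &state) == 0)
            started++;
    for (int i = 0; i < started; i++)
        pthread_join(tid[i], NULL);
    return state.refresh_count;
}

int main(void) { printf("refreshes: %d\n", run_workers(8)); return 0; }
```

With the check and the update in one critical section, eight concurrent workers produce a single refresh, where the unlocked simulation above lets both threads pass the same check.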

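References

https://git.kernel.org/stable/c/6287eefaf21ec805d42f941bd368018cf397a7f5 (Patch)
https://git.kernel.org/stable/c/76cc4faba0343c6db945b8dc75425b33d633e1b8 (Patch)
https://git.kernel.org/stable/c/93e8e3ee165ae4609a1222b516b573837103d2c3 (Patch)
https://git.kernel.org/stable/c/ab6564f416a6eaf1199200b6100952407b438f7d (Patch)
https://git.kernel.org/stable/c/c3c06e42e1527716c54f3ad2ced6a034b5f3a489 (Patch)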

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-43239", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2026-05-06T12:16:44.217", "lastModified": "2026-05-12T18:53:28.560", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: prevent races in ->query_interfaces()\n\nIt was possible for two query interface works to be concurrently trying\nto update the interfaces.\n\nPrevent this by checking and updating iface_last_update under\niface_lock."}], "metrics": {"cvssMetricV31": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19.1", "versionEndExcluding": "6.6.128", "matchCriteriaId": "56F16825-A54F-4D43-88F1-ED26D4FB0F71"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.12.75", "matchCriteriaId": "BCE16369-98ED-41CF-8995-DFDC10B288D2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.18.16", "matchCriteriaId": "B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", 
"versionStartIncluding": "6.19", "versionEndExcluding": "6.19.6", "matchCriteriaId": "373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:5.19:-:*:*:*:*:*:*", "matchCriteriaId": "9D759CCF-9E1B-41B2-81AA-CB580C5F3EEC"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "2E9C0DB0-D349-489F-A3D6-B77214E93A8A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "1A0DE3B7-0FFB-45AA-9BD6-19870CA7C6FD"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "00AE778B-BAEE-49EB-9F84-003B73D7862A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc7:*:*:*:*:*:*", "matchCriteriaId": "C178431E-AD82-4B3D-B70F-A273A02ABD5D"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc8:*:*:*:*:*:*", "matchCriteriaId": "2CF5D19C-C418-4B57-B52D-7795547F4096"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/6287eefaf21ec805d42f941bd368018cf397a7f5", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/76cc4faba0343c6db945b8dc75425b33d633e1b8", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/93e8e3ee165ae4609a1222b516b573837103d2c3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/ab6564f416a6eaf1199200b6100952407b438f7d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/c3c06e42e1527716c54f3ad2ced6a034b5f3a489", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}]}}