HIGH
smb QueryInterface Race
CVE-2026-43239
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
KernelScan AI 3.3 LOW
01 Description
In the Linux kernel, the following vulnerability has been resolved:

smb: client: prevent races in ->query_interfaces()

It was possible for two query interface works to be concurrently trying to update the interfaces.

Prevent this by checking and updating iface_last_update under iface_lock.
02 KernelScan AI Analysis
Risk summary
A race condition in the SMB client's interface query mechanism could allow concurrent updates to corrupt the network interface list. This affects systems using SMB/CIFS mounts and could lead to connection instability or incorrect interface selection.
Vulnerability analysis
The vulnerability stems from a time-of-check-time-of-use race in SMB3_request_interfaces() where the rate limiting check on iface_last_update occurred outside the protective iface_lock. Two concurrent query interface work items could both see a stale timestamp and proceed to update the interface list simultaneously, potentially corrupting the data structure. The fix moves both the timestamp check and update inside the lock's critical section, ensuring atomic check-and-set semantics that prevent concurrent modifications.
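The check-then-act pattern described above, as an added user-space model (not the kernel's code and not taken from the patch). It replays one interleaving of two workers in a single thread; every name except `iface_last_update` and `iface_lock` is an assumption, including the `POLL_INTERVAL` value.

```c
#include <stdbool.h>

#define POLL_INTERVAL 600UL /* assumed rate-limit window, in ticks */

/* User-space stand-in for the session fields the advisory names. */
struct ses_model {
    unsigned long iface_last_update; /* 0 = never refreshed */
    bool iface_lock_held;            /* models iface_lock */
    int rebuilds;                    /* workers that rewrote the list */
};

static bool stale(const struct ses_model *s, unsigned long now)
{
    return !s->iface_last_update ||
           now - s->iface_last_update >= POLL_INTERVAL;
}

/* Before the fix: the rate-limit check runs with no lock held. */
static bool racy_check(const struct ses_model *s, unsigned long now)
{
    return stale(s, now);
}

/* After the fix: check and timestamp update form one critical section. */
static bool locked_check_and_set(struct ses_model *s, unsigned long now)
{
    bool go;

    s->iface_lock_held = true;      /* take iface_lock */
    go = stale(s, now);
    if (go)
        s->iface_last_update = now; /* claim the refresh slot */
    s->iface_lock_held = false;     /* release iface_lock */
    return go;
}

static void rebuild_list(struct ses_model *s, unsigned long now)
{
    s->iface_last_update = now;
    s->rebuilds++;
}

/* Replay: worker A checks, worker B checks, then each acts on its result. */
int replay(bool fixed)
{
    struct ses_model s = {0};
    unsigned long now = 1000;
    bool a = fixed ? locked_check_and_set(&s, now) : racy_check(&s, now);
    bool b = fixed ? locked_check_and_set(&s, now) : racy_check(&s, now);

    if (a) rebuild_list(&s, now);
    if (b) rebuild_list(&s, now);
    return s.rebuilds;
}
```

With the unlocked check both workers see the stale timestamp and both rewrite the list; with the locked check-and-set only the first worker proceeds.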
03 Fix Versions
| Branch | Fixed in | Patch commit |
|---|---|---|
| 6.12 | 6.12.75 | ab6564f416a6 |
| 6.18 | 6.18.16 | 6287eefaf21e |
| 6.19 | 6.19.6 | 76cc4faba034 |
| 6.6 | 6.6.128 | 93e8e3ee165a |
| mainline | 7.0 | c3c06e42e152 |