Lyrie
Critical CVE
CVSS 9.8 · 3 sources verified · 1 min read
By Lyrie Threat Intelligence·5/11/2026

CRITICAL: CVE-2026-43379 (CVSS 9.8) — multiple products

CVE: CVE-2026-43379

CVSS: 9.8 (3.1) — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL

Status: Critical advisory

Affected

_See vendor advisory_

Summary

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close()

opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is being accessed after rcu_read_unlock() has been called. This creates a race condition where the memory could be freed by a concurrent writer between the unlock and the subsequent pointer dereferences (opinfo->is_lease, etc.), leading to a use-after-free.
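
The bug class described above, as an added userspace C model; it is not the kernel patch and not code from Lyrie. It shows the usual remedy for this pattern, which is to take a reference on the object before the read-side section ends so that a concurrent writer cannot free it. The helper names (`opinfo_get_ref`, `opinfo_put_ref`, `writer_teardown`, `lease_check`) and the use of C11 atomics in place of kernel RCU are assumptions of this model.

```c
/* Userspace model, constructed for illustration: C11 atomics stand in for
 * kernel RCU and refcounting. Helper names are hypothetical. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>

struct opinfo { atomic_int refcount; bool is_lease; };
struct file { _Atomic(struct opinfo *) f_opinfo; }; /* RCU-published pointer */
static int freed_count; /* number of opinfo objects released so far */
static struct file *new_file(bool is_lease)
{
    struct file *fp = malloc(sizeof(*fp));
    struct opinfo *op = malloc(sizeof(*op));
    if (!fp || !op) abort();
    atomic_init(&op->refcount, 1); /* reference owned by the file */
    op->is_lease = is_lease;
    atomic_init(&fp->f_opinfo, op);
    return fp;
}
/* Drop one reference; the last put frees the object. */
static void opinfo_put_ref(struct opinfo *op)
{
    if (atomic_fetch_sub(&op->refcount, 1) == 1) { free(op); freed_count++; }
}
/* Pin the object before the read-side section ends (inc-not-zero). */
static struct opinfo *opinfo_get_ref(struct file *fp)
{
    /* kernel: rcu_read_lock(); op = rcu_dereference(fp->f_opinfo); */
    struct opinfo *op = atomic_load(&fp->f_opinfo);
    int c = op ? atomic_load(&op->refcount) : 0;
    while (c != 0 && !atomic_compare_exchange_weak(&op->refcount, &c, c + 1)) {}
    /* kernel: rcu_read_unlock(); only the reference keeps *op valid now */
    return c != 0 ? op : NULL;
}
/* Concurrent writer: unpublish the pointer, then drop the file's reference. */
static void writer_teardown(struct file *fp)
{
    struct opinfo *op = atomic_exchange(&fp->f_opinfo, (struct opinfo *)NULL);
    if (op) opinfo_put_ref(op);
}
/* Returns is_lease (1/0), or -1 when no live opinfo could be pinned. */
static int lease_check(struct file *fp, bool writer_races)
{
    struct opinfo *op = opinfo_get_ref(fp);
    if (!op) return -1;
    if (writer_races) writer_teardown(fp); /* window where the bug freed op */
    int is_lease = op->is_lease;           /* safe: our reference pins it */
    opinfo_put_ref(op);                    /* last put releases the object */
    return is_lease;
}
```

Without the reference taken in `opinfo_get_ref`, the `writer_teardown` call in the middle of `lease_check` would free the object before `op->is_lease` is read, which is the ordering the summary describes.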

Verified Sources

References

  • https://git.kernel.org/stable/c/960699317d39f46611f4ebeb69edc567c1f4e6b6
  • https://git.kernel.org/stable/c/b3568347c51c46e2cabc356bc34676df98296619
  • https://git.kernel.org/stable/c/bf4d66d72e4a9e268c1012c331ce9eaedb5e2086
  • https://git.kernel.org/stable/c/dbbd328cf58261ca239756fe1c0d10c9518d3399
  • https://git.kernel.org/stable/c/eac3361e3d5dd8067b3258c69615888eb45e9f25

_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. No speculation._

Lyrie Verdict

A vulnerability of this severity is exactly what Lyrie's anti-rogue-AI defense is built for: continuous, autonomous monitoring that doesn't wait for human reaction time.

Validated sources

  1. NVD
  2. GitHub Advisory
  3. MITRE