Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Linux Kernel ksmbd Vulnerability: Heap Buffer Overflow Risk
DEBIAN-CVE-2026-43185
Summary
A vulnerability in the Linux kernel's ksmbd component could allow an attacker to cause a heap buffer overflow, potentially leading to system instability or crashes. This issue affects Linux systems using ksmbd, which is used for SMB file sharing. To protect against this vulnerability, ensure your Linux kernel is up-to-date with the latest patches.
What to do
- Update debian linux to version 6.19.6-1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Debian:12 | debian | linux | All versions |
| Debian:13 | debian | linux | All versions |
| Debian:14 | debian | linux |
< 6.19.6-1 Fix: upgrade to 6.19.6-1
|
Original title
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix signededness bug in smb_direct_prepare_negotiation() smb_direct_prepare_negotiation() casts an unsigned __u32 value ...
Original description
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix signededness bug in smb_direct_prepare_negotiation() smb_direct_prepare_negotiation() casts an unsigned __u32 value from sp->max_recv_size and req->preferred_send_size to a signed int before computing min_t(int, ...). A maliciously provided preferred_send_size of 0x80000000 will return as smaller than max_recv_size, and then be used to set the maximum allowed alowed receive size for the next message. By sending a second message with a large value (>1420 bytes) the attacker can then achieve a heap buffer overflow. This fix replaces min_t(int, ...) with min_t(u32)
osv CVSS3.1
9.8
- https://security-tracker.debian.org/tracker/CVE-2026-43185 Vendor Advisory
Published: 6 May 2026 · Updated: 9 May 2026 · First seen: 9 May 2026