AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-43350: In the Linux kernel, the following vulnerability has been resolved: smb: client: require a full NFS mode SID before rea

infovulnerability

security

Source: NVD/CVE DatabaseMay 8, 2026CVE-2026-43350

Summary

A vulnerability in the Linux kernel's SMB (Server Message Block, the protocol for file sharing) client allows a malicious server to trick the system into reading memory beyond the bounds of a data structure called an ACE (access control entry). The bug occurs because the code checks if an ACE matches a special NFS mode SID (security identifier, a unique value representing users or groups) but doesn't verify the ACE has enough data before reading from it.

Solution / Mitigation

Require num_subauth >= 3 before treating the ACE as an NFS mode SID. This check ensures the ACE carries three subauthorities before the code attempts to read the mode bits from sub_auth[2].

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Disclosure Date

May 8, 2026

Classification

Attack SophisticationModerate

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-43350

First tracked: May 8, 2026 at 02:11 PM

Classified by LLM (prompt v3) · confidence: 95%