CVE-2026-43185

A flaw was found in ksmbd within the Linux kernel. A remote attacker can exploit a signedness bug in the smb_direct_prepare_negotiation() function by sending a specially crafted preferred_send_size value during SMB direct negotiation. This manipulation leads to an incorrect size calculation, allowing a subsequent large message to trigger a heap buffer overflow. A successful exploit could result in arbitrary code execution or a denial of service.