CVE-2026-43490

A flaw was found in ksmbd, a Linux kernel module that provides an in-kernel Server Message Block (SMB) server. A remote attacker could exploit this vulnerability by providing a malformed inheritable Access Control Entry (ACE) within a security descriptor. This could lead to an out-of-bounds read or write operation, potentially causing a denial of service (DoS) or information disclosure. The flaw occurs because the system does not properly validate the length of the Security Identifier (SID) within the ACE during inheritance.