A flaw was found in Samba versions 4.3.0 and later. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. This could result in a denial of service.
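The defect class is an ownership error on the mismatch path: one function releases the request context and its caller releases it again. The following is an added illustration, not Samba's code; malloc/free stand in for talloc, and every name in it (pkinit_ctx, handle_as_req_buggy, handle_as_req_fixed) is invented for the example.

```c
/* Added illustration (not Samba code): the double-free pattern described above,
 * with malloc/free standing in for talloc. All names here are invented. */
#include <stdlib.h>
#include <string.h>
static int free_count;              /* how many times the context was released */

struct pkinit_ctx {                 /* stands in for the KDC's per-request context */
    const char *cert_principal;     /* principal in the validated certificate */
    const char *req_principal;      /* principal named in the AS-REQ */
};

static struct pkinit_ctx *ctx_new(const char *cert, const char *req)
{
    struct pkinit_ctx *c = calloc(1, sizeof *c);
    if (c != NULL) { c->cert_principal = cert; c->req_principal = req; }
    return c;
}

static void ctx_free(struct pkinit_ctx *c)    /* plays the role of talloc_free() */
{
    free(c);
    free_count++;
}

/* Buggy shape: the mismatch path frees the context, and so does the caller.
 * With differing principals this releases c twice; glibc reports "double free
 * detected" and aborts the process, which is the denial of service. */
static int check_principal_buggy(struct pkinit_ctx *c)
{
    if (strcmp(c->cert_principal, c->req_principal) == 0) return 0;
    ctx_free(c);                    /* first release */
    return -1;
}

int handle_as_req_buggy(const char *cert, const char *req)
{
    struct pkinit_ctx *c = ctx_new(cert, req);
    int rc = check_principal_buggy(c);
    ctx_free(c);                    /* second release on the mismatch path */
    return rc;
}

/* Fixed shape: the check only reports a mismatch; the function that created the
 * context is its sole owner and releases it exactly once on every path. */
int handle_as_req_fixed(const char *cert, const char *req)
{
    struct pkinit_ctx *c = ctx_new(cert, req);
    if (c == NULL) return -1;
    free_count = 0;
    int rc = strcmp(c->cert_principal, c->req_principal) == 0 ? 0 : -1;
    ctx_free(c);                    /* the only release */
    return rc;
}
```

Running handle_as_req_buggy() with two different principals under glibc aborts the process; handle_as_req_fixed() returns -1 for the same input after exactly one release.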
External Reference: https://www.samba.org/samba/security/CVE-2018-16841.html
Created samba tracking bugs for this issue: Affects: fedora-all [bug 1654082]
Acknowledgments: Name: The Samba Team Upstream: Alex MacCuish
Statement: This flaw does not affect the version of samba shipped with Red Hat Enterprise Linux because running samba as an Active Directory Domain Controller is not supported there.