Out-of-Bounds Write Vulnerability in the Linux Kernel's ksmbd SMB2 Functionality
CVE-2026-31705
What is CVE-2026-31705?
The vulnerability in the Linux kernel's ksmbd component arises from a failure to check buffer boundaries before writing alignment padding during SMB2 operations. Specifically, when handling Extended Attributes (EAs) in the smb2_get_ea() function, the code writes 4-byte alignment padding unconditionally after writing each EA entry. When the remaining buffer length is insufficient, this results in an out-of-bounds write that can overwrite adjacent kernel heap memory. Bounds checks must be performed before these writes to mitigate the risk, an approach that parallels previous fixes for similar vulnerabilities in compound request handling.
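A simplified user-space model of the check described above, added here as an illustration; it is not the ksmbd code or the upstream patch. The entry layout and the names put_entry, pack_entries and tight_buffer_rejected are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

#define ALIGN4(x) (((x) + 3u) & ~(size_t)3u)

/* Model layout (an assumption, not the SMB2 EA wire format):
 * 1-byte name length, name bytes, zero padding to a 4-byte boundary. */
static int put_entry(unsigned char *buf, size_t buf_len, size_t *off,
                     const char *name)
{
    size_t name_len = strlen(name);
    size_t raw = 1 + name_len;          /* bytes of the entry itself */
    size_t padded = ALIGN4(raw);        /* entry plus alignment padding */

    if (name_len > 255 || *off > buf_len)
        return -1;
    /* Check the padded size against what is left. Checking only `raw`
     * is the flawed pattern: the padding write below would then run up
     * to 3 bytes past buf_len when the entry ends near the buffer end. */
    if (padded > buf_len - *off)
        return -1;

    buf[*off] = (unsigned char)name_len;
    memcpy(buf + *off + 1, name, name_len);
    memset(buf + *off + raw, 0, padded - raw);   /* alignment padding */
    *off += padded;
    return 0;
}

/* Pack n names into buf; returns bytes written, or -1 if one does not fit. */
long pack_entries(unsigned char *buf, size_t buf_len,
                  const char *const *names, size_t n)
{
    size_t off = 0;
    for (size_t i = 0; i < n; i++)
        if (put_entry(buf, buf_len, &off, names[i]) != 0)
            return -1;
    return (long)off;
}

/* Constructed case: 6 usable bytes, then 2 guard bytes. "user1" is 6 raw
 * bytes but 8 padded, so it must be rejected and the guard left intact. */
int tight_buffer_rejected(void)
{
    unsigned char mem[8];
    const char *const names[] = { "user1" };
    memset(mem, 0xAA, sizeof(mem));
    return pack_entries(mem, 6, names, 1) == -1 &&
           mem[6] == 0xAA && mem[7] == 0xAA;
}
```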
Affected Version(s)
Linux e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d
Linux e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d < 98f3de6ef4efbd899348d333f0902dc4ff14380c
Linux e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d < 790304c02bf9bd7b8171feda4294d6e62d32ae8f