Heap Allocation Vulnerability in Linux Kernel's ksmbd with Potential for Denial of Service
CVE-2026-31706

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 1 May 2026

What is CVE-2026-31706?

The Linux kernel's ksmbd implementation improperly validates the number of Access Control Entries (ACEs) specified in its inheritance mechanism. An authenticated client can manipulate the security descriptor's NTACL, leading to excessive heap allocations. A tampered ACE count can prompt a substantial but partially populated memory allocation, potentially triggering a denial of service through resource exhaustion. The vulnerability has been mitigated by enhancing the validation checks and ensuring safe memory allocation practices.
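The class of check described above, as an added user-space illustration that is not the kernel's ksmbd code or the upstream patch: an ACE count is accepted only if the declared ACL size could actually hold that many entries. The header layout, the 16-byte minimum ACE size and all function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed simplified layout: revision(2) size(2) num_aces(4), little-endian. */
#define ACL_HDR_SIZE 8u
/* Assumed smallest ACE: header(4) + access mask(4) + SID with no sub-authorities(8). */
#define MIN_ACE_SIZE 16u

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Unchecked pattern: bytes requested depend only on the client-supplied count. */
size_t unchecked_request(const uint8_t *acl, size_t slot)
{
    return (size_t)rd32(acl + 4) * slot;
}

/* Checked pattern: NULL unless the count can be backed by bytes actually present. */
void *alloc_ace_table(const uint8_t *acl, size_t len, size_t slot, uint32_t *count)
{
    if (len < ACL_HDR_SIZE)
        return NULL;
    uint16_t size = rd16(acl + 2);
    uint32_t num = rd32(acl + 4);
    if (size < ACL_HDR_SIZE || size > len)          /* declared size must fit the buffer */
        return NULL;
    if (num > (size - ACL_HDR_SIZE) / MIN_ACE_SIZE) /* count must fit the declared size */
        return NULL;
    *count = num;
    return calloc(num ? num : 1, slot);             /* calloc rejects size overflow */
}

/* Constructed sample: header plus room for exactly one minimal ACE (24 bytes). */
void make_sample_acl(uint8_t out[24], uint32_t num_aces)
{
    memset(out, 0, 24);
    out[0] = 2;                                     /* revision */
    out[2] = 24;                                    /* size, low byte */
    for (int i = 0; i < 4; i++)
        out[4 + i] = (uint8_t)(num_aces >> (8 * i));
}

int main(void)
{
    uint8_t acl[24];
    uint32_t n = 0;
    make_sample_acl(acl, 0x01000000u);              /* tampered count, 24-byte ACL */
    printf("unchecked would request %zu bytes\n", unchecked_request(acl, 16));
    printf("checked: %s\n", alloc_ace_table(acl, sizeof acl, 16, &n) ? "allocated" : "rejected");
    return 0;
}
```

With the 24-byte constructed ACL, the unchecked sizing asks for 256 MiB of slots for a single real entry, while the checked path rejects any count above one.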

Affected Version(s)

Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 < 063a7409b0de46d7c770b65bb0338e6fdb3b1f0a

Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 < 3e5360b422dd741cb315654a191fa73869a37414

Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 < 59c32abaaec9cdd6164811c7e864e72f7554b82d

Timeline

  • Vulnerability published

  • Vulnerability Reserved