Integer Overflow Vulnerability in Linux Kernel's ksmbd Component
CVE-2026-31707
What is CVE-2026-31707?
The Linux kernel's ksmbd component validates response sizes improperly, which can lead to an integer overflow. Specifically, the ipc_validate_msg() function incorrectly computes the expected message size for RPC requests, share configurations, and login requests. An attacker who can manipulate message sizes could bypass essential size checks, potentially leading to memory corruption and exploitation in downstream processes. The mitigation is to compute these sizes with check_add_overflow() for the relevant requests and to verify lengths comprehensively at the IPC boundary.
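The size check described above, modelled in userspace C as an added example (not code from the kernel or from this advisory): the unchecked addition beside the overflow-checked form. The struct, function names and sample values are hypothetical; __builtin_add_overflow is the compiler builtin that the kernel's check_add_overflow() macro wraps, and the count-times-size variant generalizes beyond what the advisory states.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical fixed header followed by a variable-length payload;
 * a stand-in, not the kernel's real ksmbd structure layout. */
struct demo_resp {
	uint32_t handle;
	uint32_t payload_sz;	/* length claimed by the sender */
	uint8_t payload[];
};
#define DEMO_HDR_SZ ((uint32_t)sizeof(struct demo_resp))

/* Unchecked: the 32-bit sum can wrap, so a huge claimed payload_sz can
 * yield an "expected" size that equals a small received msg_sz. */
static int validate_unchecked(uint32_t payload_sz, uint32_t msg_sz)
{
	uint32_t expected = DEMO_HDR_SZ + payload_sz;
	return expected != msg_sz ? -EINVAL : 0;
}

/* Checked: reject the message if the addition wraps, and only then
 * compare the expected size with the size actually received. */
static int validate_checked(uint32_t payload_sz, uint32_t msg_sz)
{
	uint32_t expected;
	if (__builtin_add_overflow(DEMO_HDR_SZ, payload_sz, &expected))
		return -EINVAL;
	return expected != msg_sz ? -EINVAL : 0;
}

/* Generalization: trailer of count fixed-size elements (multiply, add). */
static int validate_counted(uint32_t count, uint32_t elem_sz, uint32_t msg_sz)
{
	uint32_t bytes, expected;
	if (__builtin_mul_overflow(count, elem_sz, &bytes) ||
	    __builtin_add_overflow(DEMO_HDR_SZ, bytes, &expected))
		return -EINVAL;
	return expected != msg_sz ? -EINVAL : 0;
}

int main(void)
{
	uint32_t huge = UINT32_MAX - 3;	/* constructed: header + huge wraps */
	printf("unchecked=%d checked=%d\n", validate_unchecked(huge, DEMO_HDR_SZ - 4),
	       validate_checked(huge, DEMO_HDR_SZ - 4));
	return 0;
}
```

The unchecked form accepts the constructed wrapped length (returns 0), while the checked form returns -EINVAL for the same input.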
Affected Version(s)
Linux 0626e6641f6b467447c81dd7678a69c66f7746cf < 7dd0c858e1909769a4c91842724315ee74f1a5f1
Linux 0626e6641f6b467447c81dd7678a69c66f7746cf < 299db777ea0cfa5c407e41b045c24a14c034c27b
Linux 0626e6641f6b467447c81dd7678a69c66f7746cf < 99c631d0366c1eab8fb188fe66425f4581ebdde4