Out-of-Bounds Read in Linux Kernel SMB Client Affects Multiple Versions
CVE-2026-31708
What is CVE-2026-31708?
A vulnerability in the Linux kernel's SMB client can lead to an out-of-bounds read when handling QUERY_INFO requests. The client does not properly validate the response length, so a malicious server can return an OutputBufferLength larger than the actual response. This oversight could enable an attacker to expose adjacent kernel heap memory to userspace, leading to potential data leakage or system compromise. The fix adds a bounds check and uses structured size calculations to prevent overflows, securing user memory access during QUERY_INFO processing.
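The class of check described above, as an added userspace example that is not the kernel's code or the upstream patch. The header struct is a simplified, constructed stand-in, the function names are hypothetical, and memcpy stands in for the copy to user memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified, constructed stand-in for a QUERY_INFO response header
 * (not the kernel's struct); fields are host-endian for brevity. */
struct qi_rsp_hdr {
    uint16_t structure_size;
    uint16_t output_buffer_offset;  /* from start of this response */
    uint32_t output_buffer_length;  /* server-controlled */
};

/* Returns 0 and copies the payload only if the server-declared range lies
 * entirely inside the rsp_len bytes actually received; -1 otherwise. */
int qi_copy_checked(const uint8_t *rsp, size_t rsp_len,
                    uint8_t *dst, size_t dst_len, size_t *copied)
{
    struct qi_rsp_hdr h;

    if (rsp_len < sizeof(h))
        return -1;                  /* truncated header */
    memcpy(&h, rsp, sizeof(h));     /* avoids unaligned access */

    size_t off = h.output_buffer_offset;
    size_t len = h.output_buffer_length;

    if (off < sizeof(h) || off > rsp_len)
        return -1;                  /* payload start outside the response */
    if (len > rsp_len - off)        /* cannot wrap: off <= rsp_len here */
        return -1;                  /* declared length exceeds received data */
    if (len > dst_len)
        return -1;                  /* would overrun the destination */

    memcpy(dst, rsp + off, len);
    *copied = len;
    return 0;
}

/* Builds a constructed response in buf (caller sizes it): a header that
 * declares declared_len, followed by payload_len real bytes. */
size_t qi_build(uint8_t *buf, uint32_t declared_len, size_t payload_len)
{
    struct qi_rsp_hdr h = { 9, (uint16_t)sizeof(struct qi_rsp_hdr),
                            declared_len };
    memcpy(buf, &h, sizeof(h));
    memset(buf + sizeof(h), 'A', payload_len);
    return sizeof(h) + payload_len;
}
```

Comparing the declared length against `rsp_len - off` rather than testing `off + len` keeps the check correct even when the declared length is near the top of its 32-bit range.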
Affected Version(s)
Linux f5778c398713692a16150ae96e5c8270bab8399f
Linux f5778c398713692a16150ae96e5c8270bab8399f < 078fae8f50adebb903ccf2252b44391324571e78