DACL Validation Vulnerability in Linux Kernel Affects SMB Client by Multiple Vendors
CVE-2026-31709

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 1 May 2026

What is CVE-2026-31709?

The Linux kernel SMB client had a vulnerability in its validation of Discretionary Access Control Lists (DACLs). A DACL pointer derived from server input was inadequately validated, which could lead to an out-of-bounds read during chmod or chown operations. Specifically, a malicious server could return a malformed DACL that passed the initial structural checks, after which the client processed attacker-controlled Access Control Entries (ACEs) without proper bounds checks. The fix adds validation that both the DACL and its ACEs are well-formed and within expected bounds before any rewrite operation is performed.
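The kind of check described above, as an added example that is not the kernel's patch or code from this advisory: a user-space validator that walks a server-supplied DACL and rejects it unless the header and every ACE stay inside the buffer. It assumes the MS-DTYP ACL, ACE and SID layouts and only basic allow/deny ACEs; the function name and the two sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum { ACL_HDR = 8, ACE_HDR = 8, SID_HDR = 8, SID_MAX_SUBAUTH = 15 };

/* Little-endian 16-bit read from an untrusted buffer. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Hypothetical helper: 0 if the DACL at buf + dacl_off and all of its ACEs
 * fit inside the buf_len bytes received from the server, -1 otherwise. */
int dacl_is_well_formed(const uint8_t *buf, size_t buf_len, size_t dacl_off)
{
    if (dacl_off > buf_len || buf_len - dacl_off < ACL_HDR)
        return -1;                          /* ACL header out of bounds */
    const uint8_t *acl = buf + dacl_off;
    size_t acl_size = rd16(acl + 2);        /* AclSize  */
    size_t num_aces = rd16(acl + 4);        /* AceCount */
    if (acl_size < ACL_HDR || acl_size > buf_len - dacl_off)
        return -1;                          /* declared size exceeds buffer */

    size_t pos = ACL_HDR;                   /* invariant: pos <= acl_size */
    for (size_t i = 0; i < num_aces; i++) {
        if (acl_size - pos < ACE_HDR + SID_HDR)
            return -1;                      /* no room for a minimal ACE */
        const uint8_t *ace = acl + pos;
        size_t ace_size = rd16(ace + 2);    /* AceSize */
        size_t subauth = ace[ACE_HDR + 1];  /* SID SubAuthorityCount */
        if (subauth > SID_MAX_SUBAUTH)
            return -1;
        if (ace_size < ACE_HDR + SID_HDR + 4 * subauth ||
            ace_size > acl_size - pos)
            return -1;                      /* ACE or SID runs past the DACL */
        pos += ace_size;
    }
    return 0;
}

/* Constructed sample: one allow ACE for S-1-1-0, sizes consistent. */
const uint8_t good_dacl[28] = {
    0x02, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x00,   /* ACL: size 28, 1 ACE */
    0x00, 0x00, 0x14, 0x00, 0xff, 0x01, 0x1f, 0x00,   /* ACE: size 20, mask  */
    0x01, 0x01, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0 };       /* SID S-1-1-0         */

/* Constructed sample: same bytes, but AceCount claims a second ACE. */
const uint8_t bad_count_dacl[28] = {
    0x02, 0x00, 0x1c, 0x00, 0x02, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x14, 0x00, 0xff, 0x01, 0x1f, 0x00,
    0x01, 0x01, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0 };
```

The second sample has a valid header and first ACE, so a check that stops at the header accepts it; only the per-ACE walk catches the inflated count.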

Affected Version(s)

Linux bc3e9dd9d104ca1b75644eab87b38ce8a924aef4

Linux bc3e9dd9d104ca1b75644eab87b38ce8a924aef4 < 0a8cf165566ba55a39fd0f4de172119dd646d39a

Linux 5.12

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved
