Memory Management Flaw in Linux Kernel's SMB server
CVE-2026-31711

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 May 2026

What is CVE-2026-31711?

A vulnerability in the Linux Kernel's SMB server allows an unauthenticated remote attacker to exploit a memory leak during transport allocation failures. When the system attempts to create new connections, a failure in allocating transport can leave active connection counters improperly incremented. This leak can be exploited by maintaining open connections with large RFC1002 lengths, eventually exhausting the maximum connection slots. As a result, legitimate connection attempts may be rejected, leading to disruption. The vulnerability has been addressed in a patch that ensures proper decrementing of connection counters on allocation failures, restoring normal connection acceptance behavior.

Affected Version(s)

Linux 0d0d4680db22eda1eea785c47bbf66a9b33a8b16 < 97f8d2648ef4871e4cd335e2d769cb40054a6772

Linux 0d0d4680db22eda1eea785c47bbf66a9b33a8b16 < 295a9fc6789d1011c36ded9f0f2907bb34fa0de4

Linux 0d0d4680db22eda1eea785c47bbf66a9b33a8b16 < 283027aa93380380a0994f35dde3ec95318f2654

References

https://git.kernel.org/stable/c/97f8d2648ef4871e4cd335e2d...

https://git.kernel.org/stable/c/295a9fc6789d1011c36ded9f0...

https://git.kernel.org/stable/c/283027aa93380380a0994f35d...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31711 Data

JSON