Out-of-Bounds Read Vulnerability in Linux Kernel's SMB Functionality
CVE-2026-31712

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 1 May 2026

What is CVE-2026-31712?

A vulnerability in the Linux kernel's SMB functionality could allow an authenticated attacker with permission to set an Access Control List (ACL) on a file to exploit a weakness in the handling of Access Control Entries (ACEs). Because ACEs are improperly validated, evaluating the ACL could result in an out-of-bounds read, leading to potential kernel state corruption. The existing checks do not adequately ensure that each ACE's size matches its declared structure, so a carefully crafted DACL can cause reads beyond the ACE's bounds. Proper validation must be enforced to avoid exploitation.
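The kind of size check the description calls for, as an added example (not the kernel's code or the upstream fix): each ACE's declared size is checked against the bytes remaining in the DACL and against the length implied by its SID sub-authority count before anything is read. The function and constant names are hypothetical, the sample buffers are constructed, and the layout assumed is the basic allow/deny ACE from MS-DTYP.

```c
#include <stddef.h>
#include <stdint.h>

/* Basic allow/deny ACE (MS-DTYP): type, flags, 16-bit LE size, 32-bit mask,
 * then a SID: revision, sub-authority count, 6-byte authority, count * 4 bytes. */
#define ACE_FIXED_LEN   16u  /* 4 header + 4 mask + 8 fixed SID bytes */
#define SID_MAX_SUBAUTH 15u

/* Hypothetical helper: returns the number of ACEs validated, or -1 if any
 * ACE is malformed. Every read is preceded by a check on the bytes left. */
int dacl_validate_aces(const uint8_t *buf, size_t len, unsigned num_aces)
{
    size_t off = 0;

    for (unsigned i = 0; i < num_aces; i++) {
        size_t left = len - off;
        if (left < ACE_FIXED_LEN)
            return -1;                 /* no room for even a minimal ACE */

        const uint8_t *ace = buf + off;
        size_t ace_size = (size_t)ace[2] | ((size_t)ace[3] << 8);
        if (ace_size > left)
            return -1;                 /* declared size runs past the DACL */

        uint8_t num_subauth = ace[9];  /* SID sub-authority count */
        if (num_subauth > SID_MAX_SUBAUTH)
            return -1;
        if (ace_size < ACE_FIXED_LEN + 4u * num_subauth)
            return -1;                 /* SID would spill outside this ACE */

        off += ace_size;               /* ace_size >= 16, so the walk advances */
    }
    return (int)num_aces;
}

/* Constructed samples: one well-formed ACE for S-1-1-0, then two malformed ones. */
static const uint8_t good_ace[20]    = { 0,0, 20,0, 0xff,0x01,0x1f,0, 1,1, 0,0,0,0,0,1, 0,0,0,0 };
static const uint8_t lying_count[20] = { 0,0, 20,0, 0xff,0x01,0x1f,0, 1,5, 0,0,0,0,0,1, 0,0,0,0 };
static const uint8_t lying_size[20]  = { 0,0, 64,0, 0xff,0x01,0x1f,0, 1,1, 0,0,0,0,0,1, 0,0,0,0 };

int main(void)
{
    int ok = dacl_validate_aces(good_ace, sizeof good_ace, 1) == 1
          && dacl_validate_aces(lying_count, sizeof lying_count, 1) == -1
          && dacl_validate_aces(lying_size, sizeof lying_size, 1) == -1;
    return ok ? 0 : 1;
}
```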

Affected Version(s)

Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 < 95e5aa3c3261da8c95b27d7aecf8ee39b9f86a4c

Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 < 90089584b2e25c4510b7b987387b4405f0673ece

Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 < 151b1799861fde38087c08f613abc2843ef597b0

Timeline

  • Vulnerability published

  • Vulnerability Reserved
