CVE-2026-31432

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An out-of-bounds write exists in ksmbd when processing compound requests, such as READ combined with QUERY INFO(Security). If the initial command consumes most of the response buffer, ksmbd may write beyond the allocated buffer while building a security descriptor. This occurs because the smb2 get info sec() function validates buffer space using ppntsd size from xattr, whereas build sec desc() may synthesize a larger descriptor from POSIX ACLs (Access Control Lists, which define permissions for files and directories).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.