CVE-2026-31433

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix potencial OOB in get file all info() for compound requests

When a compound request consists of QUERY DIRECTORY + QUERY INFO (FILE ALL INFORMATION) and the first command consumes nearly the entire max trans size, get file all info() would blindly call smbConvertToUTF16() with PATH MAX, causing out-of-bounds write beyond the response buffer. In get file all info(), there was a missing validation check for the client-provided OutputBufferLength before copying the filename into FileName field of the smb2 file all info structure. If the filename length exceeds the available buffer space, it could lead to potential buffer overflows or memory corruption during smbConvertToUTF16 conversion. This calculating the actual free buffer size using smb2 calc max out buf len() and returning -EINVAL if the buffer is insufficient and updating smbConvertToUTF16 to use the actual filename length (clamped by PATH MAX) to ensure a safe copy operation.