PT-2026-34962 · Linux · Linux Kernel
Published: 2026-04-24 · Updated: 2026-05-06 · CVE-2026-31610
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A memory leak exists in the ksmbd component during the SPNEGO decoding process. When the ksmbd_decode_negTokenInit() function processes the mechToken OCTET STRING element, the ksmbd_neg_token_alloc() function allocates memory for conn->mechToken using kmemdup_nul(). If a subsequent element in the data blob is malformed, such as when mechListMIC overruns the enclosing SEQUENCE, the decoder returns a nonzero value while the allocation remains active. Because the cleanup process in smb2_sess_setup() only frees the memory if conn->use_spnego is true, and this value is set to false upon decoding failure, the memory is not released. This issue is reachable pre-authentication, allowing untrusted clients to cause memory leaks on a server.
Recommendations
Update the Linux kernel to a version where the check for use_spnego is removed during the cleanup process in smb2_sess_setup() and memory is freed in ksmbd_conn_free().
Fix
Memory Leak
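The cleanup flaw from the description, reduced to a userspace C model (an added example, not the kernel's code): the struct fields follow the advisory's names, while decode_neg_token(), sess_setup(), the later_elem_bad and patched flags and the token string are hypothetical. It models only the removal of the use_spnego check, not the additional free in ksmbd_conn_free().

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model. Field names follow the advisory; all else is hypothetical. */
struct conn {
    char *mechToken;
    bool use_spnego;
};

static int live_allocs; /* outstanding mechToken buffers */

/* Models the decoder: mechToken is copied first, then a later element fails. */
static int decode_neg_token(struct conn *c, const char *tok, bool later_elem_bad)
{
    size_t n = strlen(tok);

    c->mechToken = malloc(n + 1); /* stands in for kmemdup_nul() */
    if (!c->mechToken)
        return -1;
    memcpy(c->mechToken, tok, n + 1);
    live_allocs++;
    return later_elem_bad ? -1 : 0; /* buffer stays allocated on failure */
}

/* One session-setup request; returns the buffers still allocated afterwards. */
static int sess_setup(bool later_elem_bad, bool patched)
{
    struct conn c = { 0 };

    live_allocs = 0;
    c.use_spnego = decode_neg_token(&c, "constructed-token", later_elem_bad) == 0;

    /* Cleanup: the unpatched form frees only when use_spnego is true. */
    if ((patched || c.use_spnego) && c.mechToken) {
        free(c.mechToken);
        c.mechToken = NULL;
        live_allocs--;
    }
    return live_allocs;
}

int main(void)
{
    printf("unpatched, malformed blob: %d buffer(s) leaked\n", sess_setup(true, false));
    printf("patched, malformed blob:   %d buffer(s) leaked\n", sess_setup(true, true));
    return 0;
}
```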
Affected Products
Linux Kernel