CVE-2026-31611

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description In the ksmbd module, the parse dacl() function compares each Access Control Entry (ACE) Security Identifier (SID) against sid unix NFS mode. If sid unix NFS mode is the prefix S-1-5-88-3 with num subauth equal to 2, a client SID with num subauth equal to 2 and sub auth equal to {88, 3} will match. If the ACE is located at the end of the security descriptor, the system reads sub auth[2], which is 4 bytes beyond the end of the Access Control List (ACL). These out-of-band bytes are then masked to the low 9 bits and applied as the file's POSIX mode.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.