PT-2026-36342 · Linux · Linux Kernel
Published: 2026-05-01 · Updated: 2026-05-26
CVE-2026-31712
CVSS v3.1: 8.3 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
An out-of-bounds read exists in the ksmbd component. The smb_check_perm_dacl() function fails to properly validate that an Access Control Entry (ACE) size is sufficient for the structure it describes. An authenticated SMB client with permissions to set an ACL on a file can create a crafted Discretionary Access Control List (DACL) where the ace->size is smaller than required. When the kernel subsequently processes a CREATE request for that file, it triggers an out-of-bounds read while accessing the access_req and ace->sid variables. This can lead to kernel state corruption or be detected by KASAN (Kernel Address Sanitizer), a dynamic memory error detector.
Recommendations
As a temporary workaround, restrict the ability of users to set custom ACLs on files accessed via SMB until a patch is applied.
Fix
Memory Corruption
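An added example, not the kernel's code or its patch: a userspace C walker over an ACE list that validates each declared ACE size before the access mask and SID are read, which is the check the description says was missing. The layout follows MS-DTYP; the function, macro and sample names are hypothetical and the byte arrays are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ACE wire layout (MS-DTYP): type, flags, 16-bit LE size, 32-bit access
 * mask, then a SID: revision, sub-authority count, 6-byte authority and
 * count * 4-byte sub-authorities. Names here are hypothetical. */
#define ACE_HDR_LEN     4u
#define ACE_MASK_LEN    4u
#define SID_BASE_LEN    8u
#define SID_MAX_SUBAUTH 15u

/* Constructed samples: a valid 20-byte ACE, one whose size field claims
 * 8 bytes, and one whose size (16) omits its single sub-authority. */
const uint8_t ace_ok[20]    = {0,0,20,0, 0xff,0x01,0x1f,0, 1,1, 0,0,0,0,0,5, 18,0,0,0};
const uint8_t ace_short[20] = {0,0, 8,0, 0xff,0x01,0x1f,0, 1,1, 0,0,0,0,0,5, 18,0,0,0};
const uint8_t ace_nosub[20] = {0,0,16,0, 0xff,0x01,0x1f,0, 1,1, 0,0,0,0,0,5, 18,0,0,0};

/* Return the number of ACEs walked, or -1 at the first ACE whose declared
 * size is too small for its contents or too large for the buffer. */
int count_valid_aces(const uint8_t *buf, size_t len, unsigned num_aces)
{
    size_t off = 0;
    unsigned i;

    for (i = 0; i < num_aces; i++) {
        size_t left = len - off, ace_size, need;
        uint8_t nsub;

        if (left < ACE_HDR_LEN)            /* header present? */
            return -1;
        ace_size = (size_t)buf[off + 2] | ((size_t)buf[off + 3] << 8);
        need = ACE_HDR_LEN + ACE_MASK_LEN + SID_BASE_LEN;
        if (ace_size < need || ace_size > left)   /* covers mask + fixed SID */
            return -1;
        nsub = buf[off + ACE_HDR_LEN + ACE_MASK_LEN + 1];
        if (nsub > SID_MAX_SUBAUTH || ace_size < need + 4u * nsub)
            return -1;                     /* covers the sub-authorities */
        off += ace_size;
    }
    return (int)i;
}

int main(void)
{
    printf("ok=%d short=%d nosub=%d\n", count_valid_aces(ace_ok, 20, 1),
           count_valid_aces(ace_short, 20, 1), count_valid_aces(ace_nosub, 20, 1));
    return 0;
}
```

Both rejected samples sit in a 20-byte buffer, so a walker that trusted the surrounding buffer length instead of the per-ACE size would read the mask and SID past the end of the ACE as declared.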
Affected Products
Linux Kernel