redhat · CVE-2026-31433

Quick triage

Priority: not assigned Published: 2026-04-22 00:00:00 UTC Updated: 2026-04-22 00:00:00 UTC

View at Official redhat advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

A flaw was found in the ksmbd module of the Linux kernel. A remote attacker can exploit this vulnerability by sending a specially crafted compound request, specifically a combination of QUERY_DIRECTORY and QUERY_INFO. Due to a missing validation check for the client-provided output buffer length, an out-of-bounds write can occur when processing filenames. This can lead to memory corruption, potentially causing a denial of service or other unpredictable system behavior.

Description:

A flaw was found in the ksmbd module of the Linux kernel. A remote attacker can exploit this vulnerability by sending a specially crafted compound request, specifically a combination of QUERY_DIRECTORY and QUERY_INFO. Due to a missing validation check for the client-provided output buffer length, an out-of-bounds write can occur when processing filenames. This can lead to memory corruption, potentially causing a denial of service or other unpredictable system behavior.

cvelogic Threat Intelligence