PatchSiren cyber security CVE debrief
CVE-2026-31410 Linux CVE debrief
CVE-2026-31410 is a Linux kernel ksmbd issue in the way FS_OBJECT_ID_INFORMATION is populated. The fix changes ksmbd to use the filesystem UUID from sb->s_uuid as the primary volume identifier, and to fall back to the statfs filesystem ID only when a UUID is unavailable. NVD rates the issue CVSS 5.5 (MEDIUM) with local attack prerequisites and high availability impact.
- Vendor: Linux
- Product: Unknown
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-06
- Original CVE updated: 2026-05-20
- Advisory published: 2026-04-06
- Advisory updated: 2026-05-20
Who should care
Linux kernel maintainers, distribution security teams, and administrators running the ksmbd SMB server on affected Linux kernel releases. Organizations that expose SMB services from Linux kernels in the affected ranges should prioritize kernel update planning.
Technical summary
NVD’s record and the referenced kernel patches indicate that ksmbd was not using the preferred volume identifier when answering FS_OBJECT_ID_INFORMATION. The resolved change makes the kernel use sb->s_uuid first, which is the proper volume UUID when available, and otherwise derive an ID from vfs_statfs() (stfs.f_fsid). NVD lists affected Linux kernel ranges including 5.15 before 6.12.78, 6.13 before 6.18.20, 6.19 before 6.19.10, and 7.0-rc1 through 7.0-rc4.
Defensive priority
Medium. This is not marked KEV, but it affects a network file-sharing service path in the kernel and NVD rates the availability impact as high. Apply the kernel fix promptly on systems that run ksmbd.
Recommended defensive actions
- Update to a Linux kernel release that includes the referenced ksmbd fix.
- If you maintain a downstream kernel, backport the stable patch referenced by NVD.
- Review systems that expose ksmbd and confirm they are on a non-vulnerable kernel line.
- Track the affected version ranges in NVD when planning upgrades: 5.15 before 6.12.78, 6.13 before 6.18.20, and 6.19 before 6.19.10.
- Validate whether any deployed kernels match the listed 7.0 release candidates and update if they do.
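One way to carry out the version review in the actions above, as an added example that is not code from NVD or the kernel project. The function names are hypothetical, the ranges are the ones quoted on this page, and it assumes a `sort` that supports `-V` and that `/sys/module/ksmbd` is present when the module is loaded.

```sh
#!/bin/sh
# Added example: ranges are the ones this page quotes from NVD.
# Distribution kernels often backport fixes without changing the upstream
# version, so "in-range" means "check the vendor advisory", not "vulnerable".

# ver_lt A B: succeeds when A sorts strictly before B (needs sort -V).
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# in_range VER LOW HIGH: succeeds when LOW <= VER < HIGH.
in_range() {
    ! ver_lt "$1" "$2" && ver_lt "$1" "$3"
}

# classify_kernel RELEASE: prints "in-range" or "not-in-range".
classify_kernel() {
    case $1 in
        7.0-rc[1-4] | 7.0-rc[1-4][!0-9]* | 7.0.0-rc[1-4] | 7.0.0-rc[1-4][!0-9]*)
            echo in-range; return 0 ;;
    esac
    # Keep only the leading x.y[.z]; drop -rcN, distro and local suffixes.
    base=$(printf '%s\n' "$1" | sed -E 's/^([0-9]+(\.[0-9]+){1,2}).*/\1/')
    if in_range "$base" 5.15 6.12.78 ||
       in_range "$base" 6.13 6.18.20 ||
       in_range "$base" 6.19 6.19.10; then
        echo in-range
    else
        echo not-in-range
    fi
}

# report_host: one line for the running kernel. /sys/module/ksmbd exists
# whenever the ksmbd module is loaded.
report_host() {
    if [ -d /sys/module/ksmbd ]; then ksmbd=loaded; else ksmbd=not-loaded; fi
    echo "kernel=$(uname -r) range=$(classify_kernel "$(uname -r)") ksmbd=$ksmbd"
}

report_host
```

Hosts that report `range=in-range` together with `ksmbd=loaded` are the ones to check first against the distribution's own advisory for this CVE.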
Evidence notes
Source corpus support is limited to the NVD record and the linked kernel patches. The NVD description states the fix: use sb->s_uuid as the primary volume identifier, falling back to stfs.f_fsid from vfs_statfs() if no UUID exists. NVD marks the vulnerability status as Analyzed and provides four stable kernel patch references. CVSS in the supplied record is 5.5/MEDIUM with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Official resources
- CVE-2026-31410 CVE record: CVE.org
- CVE-2026-31410 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
- Mitigation or vendor reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
- Mitigation or vendor reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
- Mitigation or vendor reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
CVE published by NVD/CVE on 2026-04-06 and last modified on 2026-05-20. The supplied record includes stable kernel patch references; no KEV listing is indicated.