PatchSiren cyber security CVE debrief
CVE-2026-31432 Linux CVE debrief
CVE-2026-31432 is a Linux kernel ksmbd memory-safety issue in QUERY_INFO handling for compound SMB requests. If READ consumes most of the response buffer, ksmbd could overrun the allocated space while building a security descriptor. The published fix tightens size calculation and buffer checks before allocation and pinning.
- Vendor: Linux
- Product: Unknown
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-22
- Original CVE updated: 2026-05-21
- Advisory published: 2026-04-22
- Advisory updated: 2026-05-21
Who should care
Operators running the Linux kernel SMB server component (ksmbd), especially on systems that accept SMB connections over the network. This is most relevant for environments using affected kernel releases listed by NVD, including the 5.15, 6.1, 6.6, 6.13, 6.19, and 7.0-rc lines in the supplied advisory data.
Technical summary
NVD describes the flaw as CWE-787 (out-of-bounds write) with CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The bug occurs when ksmbd handles a compound request such as READ followed by QUERY_INFO(Security): the first command can consume most of the shared response buffer, while smb2_get_info_sec() checked the remaining space against ppntsd_size, the descriptor size stored in the xattr, even though build_sec_desc() can synthesize a larger descriptor from POSIX ACLs. The fix adds smb_acl_sec_desc_scratch_len() to size the descriptor accurately, uses smb2_calc_max_out_buf_len() to bound the output against the space actually left in the response, and switches to an exact-sized allocation plus iov pinning.
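The size-check pattern behind this bug, shown as an added, constructed example rather than ksmbd's own code: a compound response buffer is shared by READ and QUERY_INFO, and the pre-fix path judges available space by the size recorded in the xattr, while the post-fix path sizes the descriptor as it will actually be built and allocates exactly that much. struct resp_buf, the 24-byte per-entry cost, and the helper names are assumptions made for illustration; they model the roles the advisory assigns to ppntsd_size, smb_acl_sec_desc_scratch_len() and smb2_calc_max_out_buf_len(), not their real signatures.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Constructed model of a compound SMB2 response buffer: one allocation is
 * shared by every command in the compound, so the space left for
 * QUERY_INFO depends on how much READ already wrote.
 * Names and sizes here are assumptions for this example, not ksmbd's own.
 */
struct resp_buf {
    size_t capacity; /* bytes allocated for the whole compound response */
    size_t used;     /* bytes already consumed by earlier commands (e.g. READ) */
};

enum check_result { CHECK_OK = 0, CHECK_TOO_SMALL = -1 };

/* Space still available for the next command's output; plays the role
 * the advisory assigns to smb2_calc_max_out_buf_len(). */
static size_t remaining_out_len(struct resp_buf rb)
{
    return rb.used >= rb.capacity ? 0 : rb.capacity - rb.used;
}

/* Length the descriptor will have once POSIX ACL entries are turned into
 * ACEs; plays the role of smb_acl_sec_desc_scratch_len(). The 24-byte
 * per-entry cost is a constructed constant, not a protocol value. */
static size_t synthesized_sd_len(size_t xattr_sd_len, unsigned int acl_entries)
{
    return xattr_sd_len + (size_t)acl_entries * 24;
}

/* Pre-fix pattern: space is judged against the size recorded in the xattr
 * (ppntsd_size), not against what build_sec_desc() will actually emit. */
static int check_by_xattr_size(struct resp_buf rb, size_t xattr_sd_len)
{
    return xattr_sd_len <= remaining_out_len(rb) ? CHECK_OK : CHECK_TOO_SMALL;
}

/* Post-fix pattern: size the descriptor first, compare that exact length
 * with the remaining output space, and allocate exactly that much. */
static int check_by_actual_size(struct resp_buf rb, size_t xattr_sd_len,
                                unsigned int acl_entries, size_t *alloc_len)
{
    size_t need = synthesized_sd_len(xattr_sd_len, acl_entries);

    if (need > remaining_out_len(rb))
        return CHECK_TOO_SMALL;
    if (alloc_len)
        *alloc_len = need; /* exact-sized allocation, nothing larger */
    return CHECK_OK;
}

/* Would a descriptor of sd_len bytes stay inside the buffer at the current
 * offset? This is the condition a write must satisfy; no memory is touched. */
static bool write_fits(struct resp_buf rb, size_t sd_len)
{
    return sd_len <= remaining_out_len(rb);
}

/* The exact allocation the fixed path would make, or 0 when it refuses. */
static size_t fixed_alloc_len(struct resp_buf rb, size_t xattr_sd_len,
                              unsigned int acl_entries)
{
    size_t n = 0;
    return check_by_actual_size(rb, xattr_sd_len, acl_entries, &n) == CHECK_OK ? n : 0;
}

int main(void)
{
    /* Scenario from the advisory: READ consumed most of a 4 KiB response. */
    struct resp_buf rb = { 4096, 3900 };
    size_t xattr_sd_len = 64;     /* descriptor size stored in the xattr */
    unsigned int acl_entries = 8; /* POSIX ACL entries that become ACEs */
    size_t need = synthesized_sd_len(xattr_sd_len, acl_entries);

    printf("remaining=%zu xattr_size=%zu actual_size=%zu\n",
           remaining_out_len(rb), xattr_sd_len, need);
    printf("xattr-size check: %s, actual descriptor fits: %s\n",
           check_by_xattr_size(rb, xattr_sd_len) == CHECK_OK ? "passes" : "rejects",
           write_fits(rb, need) ? "yes" : "no");
    printf("actual-size check: %s\n",
           check_by_actual_size(rb, xattr_sd_len, acl_entries, NULL) == CHECK_OK
               ? "passes" : "rejects");
    return 0;
}
```

With 196 bytes left after READ, the xattr-size check accepts a 64-byte figure while the synthesized descriptor is 256 bytes, so the later copy would not fit; the actual-size check refuses the same request and, given a larger buffer, returns the exact 256-byte allocation. That ordering (size what will be written, bound it against what is really left, then allocate) is the property to look for when reviewing a backport.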
Defensive priority
High. The issue is network-reachable, kernel-level, and rated CVSS 8.8 by NVD. Prioritize patching if ksmbd is enabled or exposed in your environment.
Recommended defensive actions
- Apply the kernel updates or vendor backports that include the referenced ksmbd fixes.
- Confirm whether ksmbd is enabled and exposed on any production hosts, appliances, or embedded systems.
- Map your running kernel versions against the affected ranges in the supplied NVD criteria and upgrade if they fall within scope.
- Prefer vendor-supported kernel packages when available, since multiple stable branches are listed as patched references.
- Treat SMB server exposure as a higher-risk service and restrict network access where possible until patched.
Evidence notes
This debrief is based only on the supplied NVD record and the linked kernel patch references. The vulnerability was published in the source data on 2026-04-22 and modified on 2026-05-21. No KEV entry or ransomware association is present in the supplied corpus. NVD lists the weakness as CWE-787 and assigns CVSS 8.8 with network attack vector and low attack complexity.
Official resources
- CVE-2026-31432 CVE record (CVE.org)
- CVE-2026-31432 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch (listed four times in the source data)
Publicly listed in the supplied source data on 2026-04-22T09:16:21.410Z and modified on 2026-05-21T17:28:57.847Z.