PatchSiren cyber security CVE debrief

CVE-2026-31433 Linux CVE debrief

CVE-2026-31433 is a Linux kernel ksmbd issue in FILE_ALL_INFORMATION handling for compound SMB requests. According to the published description, a QUERY_DIRECTORY followed by QUERY_INFO can leave too little room in the response buffer, yet get_file_all_info() still attempted to convert and copy the filename as if PATH_MAX space were available. That can lead to an out-of-bounds write and potential memory corruption. The described fix adds an output-buffer-size check and bounds the filename conversion to the actual remaining space.

Vendor: Linux
Product: Unknown
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-22
Original CVE updated: 2026-04-27
Advisory published: 2026-04-22
Advisory updated: 2026-04-27

Who should care

Administrators and security teams running Linux systems with ksmbd enabled should prioritize this, especially where SMB service is exposed to untrusted clients. Kernel maintainers and distro patch managers should also track the fix status in their supported branches.

Technical summary

The vulnerability is in ksmbd’s get_file_all_info() path for compound SMB2 requests. If an earlier request in the compound consumes nearly all of max_trans_size, the code could still call smbConvertToUTF16() using PATH_MAX rather than the actual free space in the output buffer. The result is an out-of-bounds write beyond the response buffer. The described remediation computes the remaining output-buffer capacity with smb2_calc_max_out_buf_len(), returns -EINVAL when the buffer is insufficient, and limits smbConvertToUTF16() to the real filename length, clamped by PATH_MAX.
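The bounds check described above, shown as a userspace model added for this debrief; it is not the kernel's code or the actual patch. The struct, function names, FIXED_LEN, the ASCII-only conversion, and the choice to reject rather than truncate a name that does not fit are all assumptions of the model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MODEL_PATH_MAX 4096 /* stands in for PATH_MAX */
#define FIXED_LEN 100       /* constructed size of the fixed fields before the name */

struct rsp_buf {            /* hypothetical compound response buffer */
    uint8_t *data;
    size_t cap;             /* plays the role of max_trans_size */
    size_t used;            /* consumed by earlier responses in the compound */
};

/* Model analogue of computing the remaining output-buffer length. */
static long remaining_out_len(const struct rsp_buf *b)
{
    return b->used > b->cap ? -EINVAL : (long)(b->cap - b->used);
}

/* Append fixed fields plus a UTF-16LE name; returns bytes written or -EINVAL. */
static long append_all_info(struct rsp_buf *b, const char *name)
{
    long room = remaining_out_len(b);
    size_t units = strlen(name), i;
    uint8_t *out;

    if (units > MODEL_PATH_MAX)          /* real name length, clamped by PATH_MAX */
        units = MODEL_PATH_MAX;
    if (room < 0 || (size_t)room < FIXED_LEN + 2 * units)
        return -EINVAL;                  /* not enough space left: refuse */
    out = b->data + b->used;
    memset(out, 0, FIXED_LEN);
    for (i = 0; i < units; i++) {        /* ASCII -> UTF-16LE, bounded by units */
        out[FIXED_LEN + 2 * i] = (uint8_t)name[i];
        out[FIXED_LEN + 2 * i + 1] = 0;
    }
    b->used += FIXED_LEN + 2 * units;
    return (long)(FIXED_LEN + 2 * units);
}

/* Run one query against a buffer whose first `used` bytes are already taken. */
long model_query(size_t cap, size_t used, const char *name)
{
    static uint8_t mem[1024];
    struct rsp_buf b = { mem, cap, used };

    return cap > sizeof(mem) ? -EINVAL : append_all_info(&b, name);
}
```

With a 1024-byte buffer, the same ten-character name is accepted when 904 bytes are already used and refused at 905, which is the case where an earlier response in the compound has left too little room.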

Defensive priority

High. The CVSS vector provided by the source is AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, which indicates network reachability, low privileges, no user interaction, and high impact if successfully triggered.

Recommended defensive actions

  • Verify whether ksmbd is enabled on any Linux systems you operate.
  • Check vendor kernel advisories or stable kernel updates that include the ksmbd fix for CVE-2026-31433.
  • Prioritize patching systems that expose SMB service to untrusted networks or tenants.
  • If immediate patching is not possible, reduce exposure by limiting SMB access to trusted networks and authenticated clients.
  • Monitor logs for unusual SMB compound request patterns targeting ksmbd until systems are updated.

Evidence notes

This debrief is based only on the supplied NVD record and the kernel-stable commit references listed there. The NVD entry is marked "Undergoing Analysis" and does not provide affected version ranges in the supplied corpus. Vendor attribution is treated as Linux kernel/ksmbd based on the vulnerability description; no broader product scope is asserted. The KEV field is false in the provided data.

Official resources

Publicly disclosed on 2026-04-22 per the supplied CVE record; modified on 2026-04-27. No KEV listing is indicated in the provided data.