CVE-2026-31709 Linux CVE debrief

Who should care

Linux distribution maintainers, kernel and CIFS/SMB client maintainers, and administrators running affected Linux kernels that connect to untrusted or semi-trusted SMB servers should prioritize this issue. Security teams should pay special attention to systems that routinely mount network shares or automate permission changes on SMB-backed files.

Technical summary

The issue is in the Linux kernel SMB client path that handles ACL/DACL data from a server. According to the supplied description, build_sec_desc() and id_mode_to_cifs_acl() derive a DACL pointer from a server-controlled offset and then use the incoming ACL to rebuild the chmod/chown security descriptor. The original fix validated only the DACL header fields, but not the full DACL body; a truncated DACL could still claim ACEs and cause rewrite helpers such as replace_sids_and_copy_aces() or set_chmod_dacl() to walk beyond the validated extent. The described fix factors structural checks into validate_dacl(), extends validation to each ACE, and reuses that validator for both parse_dacl() and the rewrite paths.

Defensive priority

High. This is a network-reachable kernel flaw with a high CVSS score and potential impact on confidentiality, integrity, and availability when the SMB client processes malicious server responses. Prioritize patching or backporting the kernel fix on systems that access untrusted SMB servers.

Recommended defensive actions

• Apply the upstream or vendor kernel fix that strengthens DACL validation in the SMB/CIFS client.
• Backport the patch to supported kernel branches used in your environment, especially if you are running Linux kernel versions 5.12 through before 7.0.2.
• Review systems that mount SMB shares from untrusted or externally managed servers and schedule expedited maintenance for them.
• If immediate patching is not possible, reduce exposure by limiting SMB server trust relationships and restricting where chmod/chown operations are performed on SMB-mounted files.
• Verify that your vulnerability management process tracks the affected kernel range and the CVSS 8.8 HIGH rating for remediation prioritization.

Evidence notes

All statements above are grounded in the supplied NVD-derived record and its kernel stable patch references. The source corpus states the vulnerability was published on 2026-05-01 and last modified on 2026-05-17, describes the DACL validation gap in the Linux kernel SMB client, and lists affected Linux kernel versions from 5.12 through before 7.0.2. No exploit technique, proof of concept, or unsupported impact claims are included.

Official resources