Vulnerability-Lookup

WID-SEC-W-2026-1232

Vulnerability from csaf_certbund - Published: 2026-04-21 22:00 - Updated: 2026-05-04 22:00

Summary

Linux Kernel: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um seine Privilegien zu erhöhen, um einen Denial of Service Zustand oder andere, nicht näher spezifizierte Auswirkungen zu erzielen.

Betroffene Betriebssysteme: - Linux

CVE-2026-31432

Affected products

Known affected 8 products

Product	Identifier	Version
Open Source Linux Kernel Open Source	`cpe:/o:linux:linux_kernel:unspecified`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Google Cloud Platform Google	`cpe:/a:google:cloud_platform:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

CVE-2026-31433

Affected products

Known affected 8 products

Product	Identifier	Version
Open Source Linux Kernel Open Source	`cpe:/o:linux:linux_kernel:unspecified`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Google Cloud Platform Google	`cpe:/a:google:cloud_platform:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

CVE-2026-31431

Affected products

Known affected 8 products

Product	Identifier	Version
Open Source Linux Kernel Open Source	`cpe:/o:linux:linux_kernel:unspecified`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Google Cloud Platform Google	`cpe:/a:google:cloud_platform:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

References

45 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://lore.kernel.org/linux-cve-announce/	external
https://lore.kernel.org/linux-cve-announce/202604…	external
https://lore.kernel.org/linux-cve-announce/202604…	external
https://lore.kernel.org/linux-cve-announce/202604…	external
https://github.com/badsectorlabs/copyfail-go	external
https://copy.fail/	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external
https://ubuntu.com/security/notices/USN-8226-2	external
https://lists.debian.org/debian-security-announce…	external
https://ubuntu.com/security/notices/USN-8226-1	external
https://linux.oracle.com/errata/ELSA-2026-50253.html	external
https://lists.debian.org/debian-security-announce…	external
https://lists.debian.org/debian-lts-announce/2026…	external
https://lists.debian.org/debian-lts-announce/2026…	external
https://docs.cloud.google.com/support/bulletins#g…	external
https://linux.oracle.com/errata/ELSA-2026-50255.html	external
https://linux.oracle.com/errata/ELSA-2026-50254.html	external
https://docs.cloud.google.com/container-optimized…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2026:13578	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2026:13566	external
https://access.redhat.com/errata/RHSA-2026:13577	external
https://access.redhat.com/errata/RHSA-2026:13565	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um seine Privilegien zu erh\u00f6hen, um einen Denial of Service Zustand oder andere, nicht n\u00e4her spezifizierte Auswirkungen zu erzielen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1232 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1232.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1232 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1232"
      },
      {
        "category": "external",
        "summary": "Kernel CVE Announce Mailingliste",
        "url": "https://lore.kernel.org/linux-cve-announce/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-31431",
        "url": "https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-31432",
        "url": "https://lore.kernel.org/linux-cve-announce/2026042216-CVE-2026-31432-e990@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-31433",
        "url": "https://lore.kernel.org/linux-cve-announce/2026042216-CVE-2026-31433-51e6@gregkh/"
      },
      {
        "category": "external",
        "summary": "CopyFail (CVE-2026-31431) Exploit-Code vom 2026-04-29",
        "url": "https://github.com/badsectorlabs/copyfail-go"
      },
      {
        "category": "external",
        "summary": "CopyFail (CVE-2026-31431) Webseite vom 2026-04-29",
        "url": "https://copy.fail/"
      },
      {
        "category": "external",
        "summary": "CISA Known Exploited Vulnerabilities Catalog CVE-2026-31431 vom 2026-05-03",
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8226-2 vom 2026-04-30",
        "url": "https://ubuntu.com/security/notices/USN-8226-2"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6238 vom 2026-05-04",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00148.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8226-1 vom 2026-04-30",
        "url": "https://ubuntu.com/security/notices/USN-8226-1"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-50253 vom 2026-05-02",
        "url": "https://linux.oracle.com/errata/ELSA-2026-50253.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6243 vom 2026-05-04",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00154.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4560 vom 2026-05-02",
        "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00004.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4561 vom 2026-05-02",
        "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00005.html"
      },
      {
        "category": "external",
        "summary": "Google Cloud Platform Security Bulletin GCP-2026-026 vom 2026-05-01",
        "url": "https://docs.cloud.google.com/support/bulletins#gcp-2026-026"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-50255 vom 2026-05-02",
        "url": "https://linux.oracle.com/errata/ELSA-2026-50255.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-50254 vom 2026-05-02",
        "url": "https://linux.oracle.com/errata/ELSA-2026-50254.html"
      },
      {
        "category": "external",
        "summary": "Container-Optimized OS release notes vom 2026-05-02",
        "url": "https://docs.cloud.google.com/container-optimized-os/docs/release-notes#May_01_2026"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21465-1 vom 2026-05-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025792.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21454-1 vom 2026-05-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025802.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21463-1 vom 2026-05-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025794.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21421-1 vom 2026-05-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025828.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21458-1 vom 2026-05-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025798.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21460-1 vom 2026-05-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025796.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21459-1 vom 2026-05-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025797.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1674-1 vom 2026-05-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025834.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21443-1 vom 2026-05-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025811.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21439-1 vom 2026-05-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025815.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1676-1 vom 2026-05-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025832.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1675-1 vom 2026-05-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025833.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1669-1 vom 2026-05-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025831.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1677-1 vom 2026-05-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025830.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1672-1 vom 2026-05-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025835.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1670-1 vom 2026-05-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025837.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1671-1 vom 2026-05-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025836.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21442-1 vom 2026-05-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025812.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1678-1 vom 2026-05-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025829.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21453-1 vom 2026-05-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025803.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:13578 vom 2026-05-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:13578"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1671-2 vom 2026-05-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025838.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:13566 vom 2026-05-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:13566"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:13577 vom 2026-05-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:13577"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:13565 vom 2026-05-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:13565"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-05-04T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-05T08:27:21.005+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-1232",
      "initial_release_date": "2026-04-21T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-04-21T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-04-22T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2026-24639, EUVD-2026-24641"
        },
        {
          "date": "2026-04-29T22:00:00.000+00:00",
          "number": "3",
          "summary": "Beschreibung CVE-2026-31431 angepasst, Exploit verf\u00fcgbar"
        },
        {
          "date": "2026-05-03T22:00:00.000+00:00",
          "number": "4",
          "summary": "CVE-2026-31431 wird aktiv ausgenutzt"
        },
        {
          "date": "2026-05-04T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat und SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Google Cloud Platform",
            "product": {
              "name": "Google Cloud Platform",
              "product_id": "393401",
              "product_identification_helper": {
                "cpe": "cpe:/a:google:cloud_platform:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Google Container-Optimized OS",
            "product": {
              "name": "Google Container-Optimized OS",
              "product_id": "1607324",
              "product_identification_helper": {
                "cpe": "cpe:/o:google:container-optimized_os:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Google"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "T028462",
              "product_identification_helper": {
                "cpe": "cpe:/o:linux:linux_kernel:unspecified"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-31432",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "393401",
          "T004914",
          "1607324"
        ]
      },
      "release_date": "2026-04-21T22:00:00.000+00:00",
      "title": "CVE-2026-31432"
    },
    {
      "cve": "CVE-2026-31433",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "393401",
          "T004914",
          "1607324"
        ]
      },
      "release_date": "2026-04-21T22:00:00.000+00:00",
      "title": "CVE-2026-31433"
    },
    {
      "cve": "CVE-2026-31431",
      "product_status": {
        "known_affected": [
          "T028462",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "393401",
          "T004914",
          "1607324"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-31431"
    }
  ]
}

CVE-2026-31433 (GCVE-0-2026-31433)

Vulnerability from cvelistv5 – Published: 2026-04-22 08:15 – Updated: 2026-05-11 22:08

Title

ksmbd: fix potencial OOB in get_file_all_info() for compound requests

Summary

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial OOB in get_file_all_info() for compound requests When a compound request consists of QUERY_DIRECTORY + QUERY_INFO (FILE_ALL_INFORMATION) and the first command consumes nearly the entire max_trans_size, get_file_all_info() would blindly call smbConvertToUTF16() with PATH_MAX, causing out-of-bounds write beyond the response buffer. In get_file_all_info(), there was a missing validation check for the client-provided OutputBufferLength before copying the filename into FileName field of the smb2_file_all_info structure. If the filename length exceeds the available buffer space, it could lead to potential buffer overflows or memory corruption during smbConvertToUTF16 conversion. This calculating the actual free buffer size using smb2_calc_max_out_buf_len() and returning -EINVAL if the buffer is insufficient and updating smbConvertToUTF16 to use the actual filename length (clamped by PATH_MAX) to ensure a safe copy operation.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Assigner

Linux

References

7 references

URL	Tags
https://git.kernel.org/stable/c/3a852f9d1c981fb14…
https://git.kernel.org/stable/c/4cca3eff2099b1867…
https://git.kernel.org/stable/c/358cdaa1f7fbf2712…
https://git.kernel.org/stable/c/7aec5a769d2356cbf…
https://git.kernel.org/stable/c/b0cd9725fe2bcc9f3…
https://git.kernel.org/stable/c/9d7032851d6f5adbe…
https://git.kernel.org/stable/c/beef2634f81f1c086…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: f2283680a80571ca82d710bc6ecd8f8beac67d63 , < 3a852f9d1c981fb14f6bf4e24999e0ea8088a7d7 (git) Affected: 9f297df20d93411c0b4ddad7f88ba04a7cd36e77 , < 4cca3eff2099b18672934a39cee70aed835d652c (git) Affected: e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d , < 358cdaa1f7fbf2712cb4c5f6b59cb9a5c673c5fe (git) Affected: e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d , < 7aec5a769d2356cbf344d85bcfd36de592ac96a5 (git) Affected: e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d , < b0cd9725fe2bcc9f37d096b132318a9060373f5d (git) Affected: e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d , < 9d7032851d6f5adbe2739601ca456c0ad3b422f0 (git) Affected: e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d , < beef2634f81f1c086208191f7228bce1d366493d (git)
Linux	Linux	Affected: 6.6 Unaffected: 0 , < 6.6 (semver) Unaffected: 5.15.203 , ≤ 5.15.* (semver) Unaffected: 6.1.168 , ≤ 6.1.* (semver) Unaffected: 6.6.131 , ≤ 6.6.* (semver) Unaffected: 6.12.80 , ≤ 6.12.* (semver) Unaffected: 6.18.21 , ≤ 6.18.* (semver) Unaffected: 6.19.11 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/server/smb2pdu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3a852f9d1c981fb14f6bf4e24999e0ea8088a7d7",
              "status": "affected",
              "version": "f2283680a80571ca82d710bc6ecd8f8beac67d63",
              "versionType": "git"
            },
            {
              "lessThan": "4cca3eff2099b18672934a39cee70aed835d652c",
              "status": "affected",
              "version": "9f297df20d93411c0b4ddad7f88ba04a7cd36e77",
              "versionType": "git"
            },
            {
              "lessThan": "358cdaa1f7fbf2712cb4c5f6b59cb9a5c673c5fe",
              "status": "affected",
              "version": "e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d",
              "versionType": "git"
            },
            {
              "lessThan": "7aec5a769d2356cbf344d85bcfd36de592ac96a5",
              "status": "affected",
              "version": "e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d",
              "versionType": "git"
            },
            {
              "lessThan": "b0cd9725fe2bcc9f37d096b132318a9060373f5d",
              "status": "affected",
              "version": "e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d",
              "versionType": "git"
            },
            {
              "lessThan": "9d7032851d6f5adbe2739601ca456c0ad3b422f0",
              "status": "affected",
              "version": "e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d",
              "versionType": "git"
            },
            {
              "lessThan": "beef2634f81f1c086208191f7228bce1d366493d",
              "status": "affected",
              "version": "e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/server/smb2pdu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.131",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.21",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "5.15.145",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.168",
                  "versionStartIncluding": "6.1.71",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.131",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.80",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.21",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.11",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix potencial OOB in get_file_all_info() for compound requests\n\nWhen a compound request consists of QUERY_DIRECTORY + QUERY_INFO\n(FILE_ALL_INFORMATION) and the first command consumes nearly the entire\nmax_trans_size, get_file_all_info() would blindly call smbConvertToUTF16()\nwith PATH_MAX, causing out-of-bounds write beyond the response buffer.\nIn get_file_all_info(), there was a missing validation check for\nthe client-provided OutputBufferLength before copying the filename into\nFileName field of the smb2_file_all_info structure.\nIf the filename length exceeds the available buffer space, it could lead to\npotential buffer overflows or memory corruption during smbConvertToUTF16\nconversion. This calculating the actual free buffer size using\nsmb2_calc_max_out_buf_len() and returning -EINVAL if the buffer is\ninsufficient and updating smbConvertToUTF16 to use the actual filename\nlength (clamped by PATH_MAX) to ensure a safe copy operation."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:08:36.945Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3a852f9d1c981fb14f6bf4e24999e0ea8088a7d7"
        },
        {
          "url": "https://git.kernel.org/stable/c/4cca3eff2099b18672934a39cee70aed835d652c"
        },
        {
          "url": "https://git.kernel.org/stable/c/358cdaa1f7fbf2712cb4c5f6b59cb9a5c673c5fe"
        },
        {
          "url": "https://git.kernel.org/stable/c/7aec5a769d2356cbf344d85bcfd36de592ac96a5"
        },
        {
          "url": "https://git.kernel.org/stable/c/b0cd9725fe2bcc9f37d096b132318a9060373f5d"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d7032851d6f5adbe2739601ca456c0ad3b422f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/beef2634f81f1c086208191f7228bce1d366493d"
        }
      ],
      "title": "ksmbd: fix potencial OOB in get_file_all_info() for compound requests",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-31433",
    "datePublished": "2026-04-22T08:15:11.719Z",
    "dateReserved": "2026-03-09T15:48:24.089Z",
    "dateUpdated": "2026-05-11T22:08:36.945Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-31431 (GCVE-0-2026-31431)

Vulnerability from cvelistv5 – Published: 2026-04-22 08:15 – Updated: 2026-05-12 12:09

Title

crypto: algif_aead - Revert to operating out-of-place

Summary

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-669 - Incorrect Resource Transfer Between Spheres

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/893d22e0135fa394d…
https://git.kernel.org/stable/c/19d43105a97be0810…
https://git.kernel.org/stable/c/961cfa271a918ad4a…
https://git.kernel.org/stable/c/3115af9644c342b35…
https://git.kernel.org/stable/c/8b88d99341f139e23…
https://git.kernel.org/stable/c/fafe0fa2995a0f707…
https://git.kernel.org/stable/c/ce42ee423e58dffa5…
https://git.kernel.org/stable/c/a664bf3d603dc3bdc…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 893d22e0135fa394db81df88697fba6032747667 (git) Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 19d43105a97be0810edbda875f2cd03f30dc130c (git) Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 961cfa271a918ad4ae452420e7c303149002875b (git) Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 3115af9644c342b356f3f07a4dd1c8905cd9a6fc (git) Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 8b88d99341f139e23bdeb1027a2a3ae10d341d82 (git) Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8 (git) Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < ce42ee423e58dffa5ec03524054c9d8bfd4f6237 (git) Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5 (git)
Linux	Linux	Affected: 4.14 Unaffected: 0 , < 4.14 (semver) Unaffected: 5.10.254 , ≤ 5.10.* (semver) Unaffected: 5.15.204 , ≤ 5.15.* (semver) Unaffected: 6.1.170 , ≤ 6.1.* (semver) Unaffected: 6.6.137 , ≤ 6.6.* (semver) Unaffected: 6.12.85 , ≤ 6.12.* (semver) Unaffected: 6.18.22 , ≤ 6.18.* (semver) Unaffected: 6.19.12 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-31431",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-29T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-05-01",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-669",
                "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-02T03:55:23.146Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/theori-io/copy-fail-CVE-2026-31431"
          },
          {
            "tags": [
              "mitigation"
            ],
            "url": "https://xint.io/blog/copy-fail-linux-distributions#the-fix-6"
          },
          {
            "tags": [
              "mitigation"
            ],
            "url": "https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/"
          },
          {
            "tags": [
              "mitigation"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2026-31431#cve-details-mitigation"
          },
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-05-01T00:00:00.000Z",
            "value": "CVE-2026-31431 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-08T20:21:41.291Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/29/23"
          },
          {
            "url": "https://copy.fail"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/29/25"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/29/26"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/2"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/5"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/6"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/10"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/11"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/12"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/14"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/15"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/16"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/17"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/18"
          },
          {
            "url": "https://websec.net/blog/cve-2026-31431-linux-algifaead-page-cache-write-to-root-69f38a4ccddd2db1f520f170"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/20"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/2"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/3"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/10"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/12"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/15"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/16"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/17"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/18"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/22"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/23"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/24"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/4"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/5"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/6"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/7"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/8"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/14"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/15"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/16"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/17"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/18"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/19"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/20"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/21"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/23"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/24"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/25"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/03/3"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/03/4"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/03/10"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/03/5"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/03/6"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/03/12"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/03/13"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/1"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/2"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/10"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/11"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/12"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/13"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/14"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/8"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/9"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/24"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/27"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/28"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/29"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/31"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/06/5"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/07/2"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/07/12"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/08/13"
          },
          {
            "url": "https://www.kb.cert.org/vuls/id/260001"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:09:03.910Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "crypto/af_alg.c",
            "crypto/algif_aead.c",
            "crypto/algif_skcipher.c",
            "include/crypto/if_alg.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "893d22e0135fa394db81df88697fba6032747667",
              "status": "affected",
              "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
              "versionType": "git"
            },
            {
              "lessThan": "19d43105a97be0810edbda875f2cd03f30dc130c",
              "status": "affected",
              "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
              "versionType": "git"
            },
            {
              "lessThan": "961cfa271a918ad4ae452420e7c303149002875b",
              "status": "affected",
              "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
              "versionType": "git"
            },
            {
              "lessThan": "3115af9644c342b356f3f07a4dd1c8905cd9a6fc",
              "status": "affected",
              "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
              "versionType": "git"
            },
            {
              "lessThan": "8b88d99341f139e23bdeb1027a2a3ae10d341d82",
              "status": "affected",
              "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
              "versionType": "git"
            },
            {
              "lessThan": "fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8",
              "status": "affected",
              "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
              "versionType": "git"
            },
            {
              "lessThan": "ce42ee423e58dffa5ec03524054c9d8bfd4f6237",
              "status": "affected",
              "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
              "versionType": "git"
            },
            {
              "lessThan": "a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5",
              "status": "affected",
              "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "crypto/af_alg.c",
            "crypto/algif_aead.c",
            "crypto/algif_skcipher.c",
            "include/crypto/if_alg.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "lessThan": "4.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.254",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.204",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.170",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.137",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.22",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.254",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.204",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.170",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.137",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.85",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.22",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.12",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings.  Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:08:34.612Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667"
        },
        {
          "url": "https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c"
        },
        {
          "url": "https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b"
        },
        {
          "url": "https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82"
        },
        {
          "url": "https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8"
        },
        {
          "url": "https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237"
        },
        {
          "url": "https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5"
        }
      ],
      "title": "crypto: algif_aead - Revert to operating out-of-place",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-31431",
    "datePublished": "2026-04-22T08:15:10.123Z",
    "dateReserved": "2026-03-09T15:48:24.089Z",
    "dateUpdated": "2026-05-12T12:09:03.910Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-31432 (GCVE-0-2026-31432)

Vulnerability from cvelistv5 – Published: 2026-04-22 08:15 – Updated: 2026-05-11 22:08

Title

ksmbd: fix OOB write in QUERY_INFO for compound requests

Summary

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERY_INFO for compound requests When a compound request such as READ + QUERY_INFO(Security) is received, and the first command (READ) consumes most of the response buffer, ksmbd could write beyond the allocated buffer while building a security descriptor. The root cause was that smb2_get_info_sec() checked buffer space using ppntsd_size from xattr, while build_sec_desc() often synthesized a significantly larger descriptor from POSIX ACLs. This patch introduces smb_acl_sec_desc_scratch_len() to accurately compute the final descriptor size beforehand, performs proper buffer checking with smb2_calc_max_out_buf_len(), and uses exact-sized allocation + iov pinning.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Assigner

Linux

References

4 references

URL	Tags
https://git.kernel.org/stable/c/d48c64fb80ad78b3d…
https://git.kernel.org/stable/c/075ea208c648cc2bc…
https://git.kernel.org/stable/c/515c2daab46021221…
https://git.kernel.org/stable/c/fda9522ed6afaec45…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d , < d48c64fb80ad78b3dd29fb7d79b6ec7bd72bfc09 (git) Affected: e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d , < 075ea208c648cc2bcd616295b711d3637c61de45 (git) Affected: e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d , < 515c2daab46021221bdf406bef19bc90a44ec617 (git) Affected: e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d , < fda9522ed6afaec45cabc198d8492270c394c7bc (git) Affected: f2283680a80571ca82d710bc6ecd8f8beac67d63 (git) Affected: 9f297df20d93411c0b4ddad7f88ba04a7cd36e77 (git)
Linux	Linux	Affected: 6.6 Unaffected: 0 , < 6.6 (semver) Unaffected: 6.12.81 , ≤ 6.12.* (semver) Unaffected: 6.18.22 , ≤ 6.18.* (semver) Unaffected: 6.19.12 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/server/smb2pdu.c",
            "fs/smb/server/smbacl.c",
            "fs/smb/server/smbacl.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d48c64fb80ad78b3dd29fb7d79b6ec7bd72bfc09",
              "status": "affected",
              "version": "e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d",
              "versionType": "git"
            },
            {
              "lessThan": "075ea208c648cc2bcd616295b711d3637c61de45",
              "status": "affected",
              "version": "e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d",
              "versionType": "git"
            },
            {
              "lessThan": "515c2daab46021221bdf406bef19bc90a44ec617",
              "status": "affected",
              "version": "e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d",
              "versionType": "git"
            },
            {
              "lessThan": "fda9522ed6afaec45cabc198d8492270c394c7bc",
              "status": "affected",
              "version": "e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "f2283680a80571ca82d710bc6ecd8f8beac67d63",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "9f297df20d93411c0b4ddad7f88ba04a7cd36e77",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/server/smb2pdu.c",
            "fs/smb/server/smbacl.c",
            "fs/smb/server/smbacl.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.22",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.81",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.22",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.12",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.15.145",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.1.71",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix OOB write in QUERY_INFO for compound requests\n\nWhen a compound request such as READ + QUERY_INFO(Security) is received,\nand the first command (READ) consumes most of the response buffer,\nksmbd could write beyond the allocated buffer while building a security\ndescriptor.\n\nThe root cause was that smb2_get_info_sec() checked buffer space using\nppntsd_size from xattr, while build_sec_desc() often synthesized a\nsignificantly larger descriptor from POSIX ACLs.\n\nThis patch introduces smb_acl_sec_desc_scratch_len() to accurately\ncompute the final descriptor size beforehand, performs proper buffer\nchecking with smb2_calc_max_out_buf_len(), and uses exact-sized\nallocation + iov pinning."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:08:35.779Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d48c64fb80ad78b3dd29fb7d79b6ec7bd72bfc09"
        },
        {
          "url": "https://git.kernel.org/stable/c/075ea208c648cc2bcd616295b711d3637c61de45"
        },
        {
          "url": "https://git.kernel.org/stable/c/515c2daab46021221bdf406bef19bc90a44ec617"
        },
        {
          "url": "https://git.kernel.org/stable/c/fda9522ed6afaec45cabc198d8492270c394c7bc"
        }
      ],
      "title": "ksmbd: fix OOB write in QUERY_INFO for compound requests",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-31432",
    "datePublished": "2026-04-22T08:15:10.873Z",
    "dateReserved": "2026-03-09T15:48:24.089Z",
    "dateUpdated": "2026-05-11T22:08:35.779Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1232

CVE-2026-31433 (GCVE-0-2026-31433)

CVE-2026-31431 (GCVE-0-2026-31431)

CVE-2026-31432 (GCVE-0-2026-31432)

Tags

Sightings

Nomenclature