{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-31433","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-03-09T15:48:24.089Z","datePublished":"2026-04-22T08:15:11.719Z","dateUpdated":"2026-05-11T22:08:36.945Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:08:36.945Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix potential OOB in get_file_all_info() for compound requests\n\nWhen a compound request consists of QUERY_DIRECTORY + QUERY_INFO\n(FILE_ALL_INFORMATION) and the first command consumes nearly the entire\nmax_trans_size, get_file_all_info() would blindly call smbConvertToUTF16()\nwith PATH_MAX, causing out-of-bounds write beyond the response buffer.\nIn get_file_all_info(), there was a missing validation check for\nthe client-provided OutputBufferLength before copying the filename into\nFileName field of the smb2_file_all_info structure.\nIf the filename length exceeds the available buffer space, it could lead to\npotential buffer overflows or memory corruption during smbConvertToUTF16\nconversion. Fix this by calculating the actual free buffer size using\nsmb2_calc_max_out_buf_len() and returning -EINVAL if the buffer is\ninsufficient and updating smbConvertToUTF16 to use the actual filename\nlength (clamped by PATH_MAX) to ensure a safe copy operation."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH"}}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/smb/server/smb2pdu.c"],"versions":[{"version":"f2283680a80571ca82d710bc6ecd8f8beac67d63","lessThan":"3a852f9d1c981fb14f6bf4e24999e0ea8088a7d7","status":"affected","versionType":"git"},{"version":"9f297df20d93411c0b4ddad7f88ba04a7cd36e77","lessThan":"4cca3eff2099b18672934a39cee70aed835d652c","status":"affected","versionType":"git"},{"version":"e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d","lessThan":"358cdaa1f7fbf2712cb4c5f6b59cb9a5c673c5fe","status":"affected","versionType":"git"},{"version":"e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d","lessThan":"7aec5a769d2356cbf344d85bcfd36de592ac96a5","status":"affected","versionType":"git"},{"version":"e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d","lessThan":"b0cd9725fe2bcc9f37d096b132318a9060373f5d","status":"affected","versionType":"git"},{"version":"e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d","lessThan":"9d7032851d6f5adbe2739601ca456c0ad3b422f0","status":"affected","versionType":"git"},{"version":"e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d","lessThan":"beef2634f81f1c086208191f7228bce1d366493d","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/smb/server/smb2pdu.c"],"versions":[{"version":"6.6","status":"affected"},{"version":"0","lessThan":"6.6","status":"unaffected","versionType":"semver"},{"version":"5.15.203","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.168","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.131","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.80","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.21","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.11","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.145","versionEndExcluding":"5.15.203"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.71","versionEndExcluding":"6.1.168"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.6.131"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.12.80"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.18.21"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.19.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"7.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3a852f9d1c981fb14f6bf4e24999e0ea8088a7d7"},{"url":"https://git.kernel.org/stable/c/4cca3eff2099b18672934a39cee70aed835d652c"},{"url":"https://git.kernel.org/stable/c/358cdaa1f7fbf2712cb4c5f6b59cb9a5c673c5fe"},{"url":"https://git.kernel.org/stable/c/7aec5a769d2356cbf344d85bcfd36de592ac96a5"},{"url":"https://git.kernel.org/stable/c/b0cd9725fe2bcc9f37d096b132318a9060373f5d"},{"url":"https://git.kernel.org/stable/c/9d7032851d6f5adbe2739601ca456c0ad3b422f0"},{"url":"https://git.kernel.org/stable/c/beef2634f81f1c086208191f7228bce1d366493d"}],"title":"ksmbd: fix potential OOB in get_file_all_info() for compound requests","x_generator":{"engine":"bippy-1.2.0"}}}}