CVE-2026-31478
Published: Apr 22, 2026
Modified: May 23, 2026
CVSS v3.1
9.8
Description
In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() After this commit (e2b76ab8b5c9 "ksmbd: add support for read compound"), response buffer management was changed to use dynamic iov array. In the new design, smb2_calc_max_out_buf_len() expects the second argument (hdr2_len) to be the offset of ->Buffer field in the response structure, not a hardcoded magic number. Fix the remaining call sites to use the correct offsetof() value.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected f2283680a80571ca82d710bc6ecd8f8beac67d63 - < 70b4c414889492c522b6e4331562360f49be2361affected 9f297df20d93411c0b4ddad7f88ba04a7cd36e77 - < 9a7166f0ef8cbb7bb48dd05e2471d995566003f5affected e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d - < c3a89e3ec1ccf64fa6a34e391e1581ebbcba8683affected e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d - < 6aef1765d6807e0f027cd87f6ac973eb0879a46daffected e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d - < 80824c7e527b70cf9039534e60aff592e8f209d1+4 more versions |
Linux | Linux | affected 6.6unaffected 0 - < 6.6unaffected 5.15.203 - <= 5.15.*unaffected 6.1.168 - <= 6.1.*unaffected 6.6.131 - <= 6.6.*+4 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now