CVE-2026-31704
Published: May 1, 2026
Modified: Jun 1, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: ksmbd: use check_add_overflow() to prevent u16 DACL size overflow set_posix_acl_entries_dacl() and set_ntacl_dacl() accumulate ACE sizes in u16 variables. When a file has many POSIX ACL entries, the accumulated size can wrap past 65535, causing the pointer arithmetic (char *)pndace + *size to land within already-written ACEs. Subsequent writes then overwrite earlier entries, and pndacl->size gets a truncated value. Use check_add_overflow() at each accumulation point to detect the wrap before it corrupts the buffer, consistent with existing check_mul_overflow() usage elsewhere in smbacl.c.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 - < 41e53a773db6342ac9a689ee5ba635c31744c9f0affected e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 - < 8d5729350b236896f51379588d9a690b7fafb8dbaffected e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 - < e1955a94b6f17f4b058afa955a6f187eb3ed7615affected e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 - < 5e7b8f3c539d69b2ed5f2408e2f75e68ce7eef43affected e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 - < ef7902be3f215b6bf7babe4dc9dd9a7d57dad7a7+1 more versions |
Linux | Linux | affected 5.15unaffected 0 - < 5.15unaffected 6.1.175 - <= 6.1.*unaffected 6.6.136 - <= 6.6.*unaffected 6.12.84 - <= 6.12.*+3 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now