Bug 2464394 (CVE-2026-31710)

Summary: CVE-2026-31710 kernel: smb: client: fix dir separator in SMB1 UNIX mounts
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: rhel-process-autobot, watson-tool-maintainers
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel's Server Message Block (SMB) client. When mounting SMB1 UNIX shares, the system may incorrectly handle directory separators. This issue arises because flags related to POSIX Access Control Lists (ACLs) and paths are not properly updated, leading to the use of an incorrect directory separator in paths. This could prevent legitimate users from accessing files or directories as intended, potentially leading to a denial of service for client operations.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-05-01 15:04:16 UTC 
In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix dir separator in SMB1 UNIX mounts

When calling cifs_mount_get_tcon() with SMB1 UNIX mounts,
@cifs_sb->mnt_cifs_flags needs to be read or updated only after
calling reset_cifs_unix_caps(), otherwise it might end up with missing
CIFS_MOUNT_POSIXACL and CIFS_MOUNT_POSIX_PATHS bits.

This fixes the wrong dir separator used in paths caused by the missing
CIFS_MOUNT_POSIX_PATHS bit in cifs_sb_info::mnt_cifs_flags.
Comment 1 Keith Grant 2026-05-01 20:15:27 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050122-CVE-2026-31710-511c@gregkh/T