Bug 2464476 (CVE-2026-31709)
| Summary: | CVE-2026-31709 kernel: smb: client: validate the whole DACL before rewriting it in cifsacl | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | rhel-process-autobot, watson-tool-maintainers |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in the Linux kernel's Server Message Block (SMB) client, specifically within the cifsacl functionality. A malicious SMB server could provide a malformed Discretionary Access Control List (DACL) that claims to contain more Access Control Entries (ACEs) than are actually present. This insufficient validation allows the kernel to read or copy data beyond the intended memory boundaries, leading to memory corruption. This could potentially result in information disclosure or a denial of service.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2026-05-01 15:08:57 UTC
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2026050122-CVE-2026-31709-335b@gregkh/T This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:21556 https://access.redhat.com/errata/RHSA-2026:21556 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:21706 https://access.redhat.com/errata/RHSA-2026:21706 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:21745 https://access.redhat.com/errata/RHSA-2026:21745 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:22900 https://access.redhat.com/errata/RHSA-2026:22900 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:22940 https://access.redhat.com/errata/RHSA-2026:22940 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions Via RHSA-2026:23237 https://access.redhat.com/errata/RHSA-2026:23237 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:23224 https://access.redhat.com/errata/RHSA-2026:23224 This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:23329 https://access.redhat.com/errata/RHSA-2026:23329 This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:24343 https://access.redhat.com/errata/RHSA-2026:24343 |